Lucene search
+L

10524 matches found

cve
cve
added 4 hours ago7 views

CVE-2026-63088

In StoatChat, CVE-2026-63088 affects stoatchat before 0.14.0 with an SSRF flaw. The vulnerability stems from incomplete address validation in url_is_blacklisted, which only inspects the first resolved address while the HTTP client iterates all cached addresses, enabling unauthenticated, network-a...

8.6CVSS6.1AI score
Exploits0References4
nuclei
nuclei
added 11 hours ago20 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS6.2AI score0.00999EPSS
Exploits2References3
cvelist
cvelist
added 15 hours ago13 views

CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

Exploits0References1
nvd
nvd
added yesterday7 views

CVE-2026-33684

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS
Exploits0References1
attackerkb
attackerkb
added yesterday4 views

CVE-2026-33443

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday6 views

CVE-2026-40957

CVE-2026-40957 describes a frameable content vulnerability in the Secure Access server login page prior to version 14.55. By controlling a malicious web site, an attacker could potentially steal credentials from an administrator visiting the login page. The connected sources confirm the existence...

7.5CVSS6AI score
Exploits0References1Affected Software1
cve
cve
added yesterday6 views

CVE-2026-40955

CVE-2026-40955 describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent Denial of Service against their client. Affecte...

3.7CVSS6.1AI score
Exploits0References1Affected Software1
euvd
euvd
added yesterday6 views

EUVD-2026-44779

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS6.1AI score
Exploits0References1
cve
cve
added yesterday8 views

CVE-2026-45419

DataEase contains an arbitrary file write vulnerability present before version 2.10.23. The flaw resides in template handling: the TemplateManageService#save, StaticResourceServer#saveFilesToServe methods and the /de2api/templateManage/save endpoint accept attacker-controlled staticResource names...

8.5CVSS6.2AI score0.00024EPSS
Exploits0References3
nvd
nvd
added yesterday4 views

CVE-2026-49997

SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Document::purgeedges in surrealdb/core/src/doc/delete.rs automatically removed graph edge records with permissions disabled through opt.clone.withpermsfalse when a connected node was...

5.4CVSS0.00023EPSS
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-61869

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service...

2.9CVSS
Exploits0References2
cve
cve
added yesterday11 views

CVE-2026-57832

CVE-2026-57832 concerns the Joomla extension EDocman (versions earlier than 3.9) and describes an unauthenticated blind SQL injection. The CVE entry indicates the vulnerability exists in the EDocman component for Joomla and can be exploited without authentication, with network attack vector, no p...

8.7CVSS6.1AI score0.00228EPSS
Exploits0References2
nvd
nvd
added 2 days ago3 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00264EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago32 views

CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

0.00256EPSS
Exploits0References2
cve
cve
added 2 days ago8 views

CVE-2026-15736

Snowflake SQLAlchemy

8.3CVSS6.1AI score0.00267EPSS
Exploits0References1
ivanti
ivanti
added 2 days ago3 views

Security Advisory Ivanti Xtraction (CVE-2026-14902, CVE-2026-14903)

Ivanti has released updates for Ivanti Xtraction which addresses one medium and one high vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS Vector | CWE...

7.7CVSS6.2AI score0.01037EPSS
Exploits0
debiancve
debiancve
added 5 days ago5 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score0.00173EPSS
Exploits0
cvelist
cvelist
added 6 days ago32 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00468EPSS
Exploits1References6
nvd
nvd
added 6 days ago7 views

CVE-2026-61459

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
euvd
euvd
added 6 days ago6 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3
Rows per page
Query Builder