Lucene search
K

2969 matches found

Circl
Circl
added 2026/06/10 11:0 a.m.13 views

CVE-2025-6254

creationtimestamp| type| source ---|---|--- 2026-06-10 11:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwkntijit26 2026-06-10 11:11:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnwlbd3rzn2c 2026-06-10 12:00:15+00:00| seen|...

9.8CVSS5AI score0.00494EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-9185

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1
Circl
Circl
added 2026/06/10 1:0 a.m.10 views

CVE-2026-46518

creationtimestamp| type| source ---|---|--- 2026-06-10 01:00:03+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnvj3po4ik2r 2026-06-10 02:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvmi3n2fb2n...

8.7CVSS5.3AI score0.00208EPSS
Exploits1References2
Circl
Circl
added 2026/06/09 10:1 p.m.11 views

CVE-2026-48303

creationtimestamp| type| source ---|---|--- 2026-06-09 22:01:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnv73qzggu2v 2026-06-09 22:12:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnv7picz7l2o 2026-06-10 04:30:30+00:00| seen|...

10CVSS7.2AI score0.00553EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
Circl
Circl
added 2026/06/09 1:57 p.m.12 views

CVE-2026-45447

creationtimestamp| type| source ---|---|--- 2026-06-09 13:57:29+00:00| seen| https://bsky.app/profile/xeiaso.net/post/3mnue2z4hbv2v 2026-06-09 14:00:28+00:00| seen| https://bsky.app/profile/cadey.pony.social.ap.brid.gy/post/3mnue3epkwyc2 2026-06-09 14:48:37+00:00| seen|...

8.8CVSS7.1AI score0.02719EPSS
Exploits0References31
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.35 views

CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS0.00403EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

WordPress plugin 6Storage Rentals 安全漏洞

WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...

7.5CVSS5.9AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47854

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
Circl
Circl
added 2026/06/08 5:0 p.m.13 views

CVE-2026-46656

creationtimestamp| type| source ---|---|--- 2026-06-08 17:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mns5t6aszh2s 2026-06-08 17:02:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mns5w7ytr72f...

8.8CVSS5.3AI score0.00294EPSS
Exploits0References2
Circl
Circl
added 2026/06/08 2:57 p.m.8 views

CVE-2026-50131

creationtimestamp| type| source ---|---|--- 2026-06-08 14:57:55+00:00| seen| https://bsky.app/profile/fedify.hollo.social.ap.brid.gy/post/3mnrwxyyvdir2 2026-06-08 15:09:05+00:00| seen| https://bsky.app/profile/hollo.hollo.social.ap.brid.gy/post/3mnrxlz2slhe2 2026-06-09 02:30:30+00:00| seen|...

8.6CVSS4.9AI score0.00269EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2026/06/08 12:0 a.m.7 views

6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

Description The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserIn...

7.5CVSS5.3AI score0.00403EPSS
Exploits0References1
Circl
Circl
added 2026/06/07 4:30 a.m.13 views

CVE-2026-11453

creationtimestamp| type| source ---|---|--- 2026-06-07 04:30:26+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnodh6oluy2a 2026-06-07 04:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116706942877312373...

6.5CVSS6.5AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.18 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.5AI score0.80425EPSS
Exploits18References1
Circl
Circl
added 2026/06/06 1:0 a.m.14 views

CVE-2026-9290

creationtimestamp| type| source ---|---|--- 2026-06-06 01:00:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlha7sokz2g 2026-06-06 01:23:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnlikqk23d2r 2026-06-06 06:00:11+00:00| seen|...

7.5CVSS4.9AI score0.02403EPSS
Exploits1References5
Circl
Circl
added 2026/06/05 10:59 p.m.11 views

CVE-2026-11416

creationtimestamp| type| source ---|---|--- 2026-06-05 22:59:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlajcy3g72l 2026-06-05 22:59:58+00:00| seen| https://bsky.app/profile/potato.software/post/3mnlajecvof2j 2026-06-05 23:30:45+00:00| seen|...

8.1CVSS5.3AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36748

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

9CVSS5.5AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 7:34 p.m.24 views

CVE-2026-25624

CVE-2026-25624 is an administrative cross-site scripting vulnerability in the web UI dashboard layout of Arista Edge Threat Management NGFW. The issue involves unvalidated user-supplied variables echoed back to administrative profiles, enabling XSS when an attacker has administrative UI access. A...

5.8CVSS5.2AI score0.00154EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/05 7:34 p.m.13 views

EUVD-2026-34911

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS5.2AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 7:34 p.m.29 views

CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting

An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...

5.8CVSS0.00154EPSS
Exploits0References1
Rows per page
Query Builder