Lucene search
K

4565 matches found

Nuclei
Nuclei
added 19 hours ago49 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6.2AI score0.15722EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-59724

A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service DoS for the server...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References6
NVD
NVD
added 3 days ago10 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS0.00339EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS0.00643EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago7 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS6.3AI score0.00643EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-34599 Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS0.01385EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-34599

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-41716

A flaw was found in Spring Data Commons. An attacker can exploit this vulnerability by sending repeated requests with specially crafted strings, which are then permanently retained in the internal property-lookup cache. This can lead to heap exhaustion, resulting in a Denial of Service DoS for th...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-41695

A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by providing specially crafted property path strings to the MappingContext property path resolution. This can lead to resource exhaustion, resulting in a denial of service DoS for affected applications...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00329EPSS
Exploits0References2Affected Software1
OSV
OSV
added 5 days ago4 views

PYSEC-2026-783 aptdaemon Information Disclosure via Improper Input Validation in Transaction class

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...

4CVSS6AI score0.0048EPSS
Exploits1References8
OSV
OSV
added 5 days ago4 views

BIT-ACTIVEMQ-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 6:16 a.m.8 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 5:35 a.m.15 views

CVE-2026-13357

The Houzez Property Feed WordPress plugin (up to version 2.5.46) is vulnerable to SQL Injection via the 'orderby' parameter. The issue stems from user-controlled $_GET['orderby'] and $_GET['order'] being filtered only with sanitize_text_field() and concatenated into the SQL format string before $...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.38 views

CVE-2026-13357 Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41246

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 5:8 p.m.7 views

EUVD-2026-41097

Cross-Site Request Forgery CSRF vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12...

7.4CVSS5.8AI score0.00124EPSS
Exploits0References1
Rows per page
Query Builder