Lucene search
K

1100 matches found

Circl
Circl
added 2026/06/27 12:42 a.m.14 views

GHSA-QRV3-253H-G69C

creationtimestamp| type| source ---|---|--- 2026-06-27 00:42:18+00:00| seen| https://gist.github.com/alon710/ce97a7a2201a10b1242cd90e0ea16a7d...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.9 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS0.00404EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS5.7AI score0.00404EPSS
Exploits0
NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-56023

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-56023

The CVE concerns the WordPress plugin “UPI QR Code Payment Gateway for WooCommerce” (versions ≤ 1.6.2). The root cause is Broken Access Control, allowing unauthorized access with low privileges over a network. Metrics indicate a CVSS v3.1 base score of 5.4 (Medium) with Privileges Required: Low, ...

5.4CVSS5.9AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 4:29 p.m.4 views

EUVD-2026-38911

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...

5.9AI score0.00521EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the dlm match regions function, the qr numregions field from a DLM QUERY REGION network message is used to control loops over the qr regions buffer without adequate validation. A...

9.1CVSS5.9AI score0.00521EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51687

Name of the Vulnerable Software and Affected Versions Avalon23 Products Filter for WooCommerce versions prior to 1.1.7 Description Stored Cross-Site Scripting occurs via the avalon23 qr shortcode. The issue stems from insufficient input sanitization and output escaping of user-supplied shortcode...

6.4CVSS6AI score0.00193EPSS
Exploits0References9
OSV
OSV
added 2026/06/20 4:10 p.m.5 views

MINI-QRRM-6F63-Q74J

Bulletin has no description...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
EUVD
EUVD
added 2026/06/06 9:31 a.m.4 views

EUVD-2025-26342

Cross-Site Request Forgery CSRF vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12...

8.6CVSS5.4AI score0.00157EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-11205

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...

6.5CVSS5.4AI score0.00147EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.38 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3208

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

5.3CVSS5.7AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-13479

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

7.5CVSS5.4AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

4.3CVSS5.4AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.13 views

EUVD-2026-34666

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

6AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-49250

A vulnerability classified as problematic was found in OpenCV wechat qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded bit stream parser.cpp. The manipulation leads to null pointer dereference. Th...

4.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47070

Name of the Vulnerable Software and Affected Versions The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1 Description The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-11205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to...

6.1CVSS5.6AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.7 views

DEBIAN-CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

6.1CVSS5.6AI score0.00147EPSS
Exploits0References1
Rows per page
Query Builder