Lucene search
K

1145 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-61460

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42981

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2025-30007 HestiaCP < 1.9.5 Authenticated OS Command Injection via DNS Record Management

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.7CVSS6.6AI score0.02077EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 4 days ago8 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
CVE
CVE
added 4 days ago13 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57246

Name of the Vulnerable Software and Affected Versions HestiaCP versions prior to 1.9.5 Description An authenticated OS command injection allows low-privilege users to execute arbitrary commands as root. The issue stems from insufficient input validation in the is dns record format valid function...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References6
NVD
NVD
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
CVE
CVE
added 5 days ago11 views

CVE-2026-9021

The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References11
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 4:52 p.m.5 views

GO-2026-5496 Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git

Improper single-quote escaping in go-git SSH transport in github.com/go-git/go-git...

9.6CVSS5.9AI score0.00365EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 4:11 p.m.13 views

ROOT-APP-NPM-CVE-2021-42740 CVE-2021-42740 in @rootio/shell-quote - Patched by Root

Root has patched CVE-2021-42740 in the @rootio/shell-quote package for Root:npm. Multiple fixed versions available...

9.8CVSS7.3AI score0.0434EPSS
Exploits0
OSV
OSV
added 2026/07/07 4:11 p.m.11 views

ROOT-APP-NPM-CVE-2026-9277 CVE-2026-9277 in @rootio/shell-quote - Patched by Root

Root has patched CVE-2026-9277 in the @rootio/shell-quote package for Root:npm. Multiple fixed versions available...

9.2CVSS5.3AI score0.00848EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/07 3:28 a.m.34 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:28 a.m.16 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:28 a.m.3 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/02 11:3 a.m.5 views

WordPress Request a Quote – Quote Forms for Any WordPress Site plugin <= 2.5.5 - Unauthenticated Code Injection vulnerability

Unauthenticated Code Injection vulnerability discovered by Mitchell in WordPress Plugin Request a Quote versions = 2.5.5...

7.5CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder