Lucene search
K

1751 matches found

CVE
CVE
added 4 hours ago8 views

CVE-2026-12512

CVE-2026-12512 affects the Quotes llama WordPress plugin prior to 3.1.6. The issue is due to improper sanitization/escaping of a user-supplied parameter used in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injections and read arbitrary data from the database, includi...

6.2AI score
Exploits0References1
Cvelist
Cvelist
added 4 hours ago6 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

Exploits0References1
Nuclei
Nuclei
added yesterday8 views

WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting

Stray Random Quotes WordPress plugin = 1.9.9 contains a reflected cross-site scripting caused by a lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL...

6.1CVSS7AI score0.00571EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...

8.7CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56840

Name of the Vulnerable Software and Affected Versions soupsieve affected versions not specified Description The CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking, which occurs when the regex engine takes an exponential amount of time to process...

7.5CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2026/07/07 5:16 a.m.9 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 3:28 a.m.5 views

EUVD-2026-41998

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:28 a.m.6 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/06/30 7:38 a.m.16 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.4343EPSS
Exploits3
OSV
OSV
added 2026/06/29 5:22 p.m.3 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.3CVSS6.2AI score0.00235EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56062

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.43 views

CVE-2026-56062 WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-56062

The CVE identifies an unauthenticated SQL injection in the WordPress Quotes llama plugin, affecting versions up to and including 3.1.5. The vulnerability arises in Quotes llama’s handling of input data, allowing unauthenticated attackers to potentially execute SQL commands. The CVSS base score is...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39716

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 5:16 p.m.8 views

CVE-2026-54025

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS0.0014EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:53 p.m.6 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6AI score0.0014EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 3:53 p.m.4 views

CVE-2026-54025 LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6.2AI score0.0014EPSS
Exploits1References3
CVE
CVE
added 2026/06/25 3:53 p.m.9 views

CVE-2026-54025

LibreChat suffers a stored XSS in its Markdown artifact preview prior to version 0.8.4-rc1. The vulnerability arises because lib re uses marked v15.0.12 to render image alt text without HTML-escaping double quotes when the custom image renderer defers to the default renderer. LibreChat’s generate...

5.4CVSS6AI score0.0014EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:16 p.m.14 views

CVE-2026-57456

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

8.4CVSS6.1AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder