Lucene search
K

257 matches found

Nuclei
Nuclei
added 12 hours ago12 views

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...

6.1CVSS6.4AI score0.01165EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday277 views

Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response i...

6.1CVSS6.6AI score0.37246EPSS
Exploits3References6
NVD
NVD
added 4 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dpll: Duplicate registrations are prevented. The internal registration helper function dpllxarefdpll,pinadd has been modified to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50555

Name of the Vulnerable Software and Affected Versions Steeltoe.Discovery.Eureka versions prior to 3.4.0 Steeltoe.Discovery.Eureka versions prior to 4.2.0 Description The DataCenterInfo.FromJson function throws an ArgumentException when it encounters any name value other than "MyOwn" or "Amazon"...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/12 6:21 p.m.18 views

CVE-2026-50244 Naxclow IoT Platform Missing Authorization

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.4AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7780

A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udmstateoperational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The...

5.3CVSS5.1AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42236

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

8.7CVSS5.4AI score0.00487EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/05 12:14 p.m.11 views

Denial Of Service (DoS)

Spring Cloud Function is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on function registration within the Function Registry, allowing an attacker to register an unbounded number of functions and trigger excessive memory consumption, potentially...

6.5CVSS5.5AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 9:29 a.m.21 views

CVE-2026-50225

CVE-2026-50225: The registration endpoint /v1/account/register is documented as lacking bot mitigation, enabling automated flood of the database. The provided sources consistently describe the issue as an API path exposure with no mitigation, but there are no explicit details on affected products...

9.1CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43870

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The nameserver in the Qualcomm Router qrtr network subsystem does not limit the number of nodes it handles. A malicious clie...

5.5CVSS6AI score0.00123EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the qtrr server does not limit the number of nodes. This could allow malicious...

5.8AI score0.00123EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dpll: Fixed the dpllxarefdel function for multiple registrations. Currently, if there are multiple registrations of the same pin on the same dpll device, the following warnings are observed: WARNING: CPU: 5 PID: 2212 at...

5.5CVSS5.8AI score0.00264EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: Fixing management registration locking issues The issue with management registration locking was addressed. The list was locked for each wdev, but the cfg80211mgmtregistrationsupdate function iterated over it without...

5.5CVSS5.2AI score0.00162EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fix for duplicate devices in netdev hooks When handling NETDEVREGISTER notifications, duplicate device registrations must be avoided, as the device might have been added by nftnetdevhookalloc during the...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.11 views

SUSE CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

6.2CVSS5.8AI score0.00144EPSS
Exploits0References12
NVD
NVD
added 2026/05/19 12:16 p.m.10 views

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

5.5CVSS0.00144EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/19 12:16 p.m.15 views

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

5.8AI score0.00144EPSS
Exploits0References7
OSV
OSV
added 2026/05/19 12:16 p.m.9 views

UBUNTU-CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

6.8CVSS5.7AI score0.00144EPSS
Exploits0References12
Rows per page
Query Builder