Lucene search
K

1278 matches found

CVE
CVE
added yesterday5 views

CVE-2026-59874

node-tar is a Node.js tar archive library. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to loop on the same header and make no progress; this is fixed in version 7.5.18. Upgrade to 7.5.18 to remediate. Th...

8.7CVSS5.9AI score
Exploits0References3
Nuclei
Nuclei
added last week19 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.5AI score0.68047EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:20 p.m.5 views

CVE-2026-50283

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:7 p.m.5 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:7 p.m.7 views

EUVD-2026-41096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 5:7 p.m.34 views

CVE-2026-57722 WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:7 p.m.12 views

CVE-2026-57722

The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 5:6 p.m.5 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54889

Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...

5.9CVSS5.7AI score0.00148EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escap...

8.2CVSS6.1AI score0.00322EPSS
Exploits1References4
NVD
NVD
added 2026/06/30 1:19 p.m.10 views

CVE-2026-58012

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

8.2CVSS0.00322EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 9:16 a.m.6 views

UBUNTU-CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS5.8AI score0.00102EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-47377

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith'/'. Protocol-relative URLs //attacker.com/… also satisfy that...

5.1CVSS0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 4:17 p.m.8 views

CVE-2026-54313

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

7.7CVSS0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:31 p.m.6 views

EUVD-2026-38459

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:31 p.m.11 views

CVE-2026-54313

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation (CVE-2026-54313). Affected software: n8n open-source workflow automation platform. Vulnerable component: MongoDB node’s Find And Replace operation prior to version 2.24.0. Root cause: An authenticated user with workflow edit access c...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:31 p.m.36 views

CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:31 a.m.11 views

EUVD-2026-38197

A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The...

5.3CVSS4AI score0.00288EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51300

Name of the Vulnerable Software and Affected Versions ArubaSign versions prior to 4.6.6 Description Incorrect default permissions are assigned during the installation of the software. The main executable and other program files located in "C:Program Files" have excessive permissions for the...

8.8CVSS6.2AI score0.00122EPSS
Exploits0References6
Rows per page
Query Builder