Lucene search
K

189 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006301 advisory. An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allo...

5.3CVSS7.1AI score0.006EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

WordPress plugin LuxeDrive 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Emaurri 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26494

Name of the Vulnerable Software and Affected Versions Query Monitor versions prior to 3.20.4 Description The Query Monitor plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...

7.2CVSS6.1AI score0.00302EPSS
Exploits0References11
OSV
OSV
added 2026/03/09 4:16 a.m.5 views

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

7.2CVSS5.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24006

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub 44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...

5.8CVSS5.6AI score0.13485EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin Daiquiri 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Conquerors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/01 12:56 p.m.2 views

CVE-2021-47921 Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.5AI score0.00694EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 5:35 p.m.5 views

CVE-2020-36963 Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

8.7CVSS5.9AI score0.00364EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

WordPress plugin Powerlift has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin “Photography” security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:34 p.m.3 views

GHSA-CXRG-G7R8-W69P Fastify Middie Middleware Path Bypass

Summary A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify...

8.4CVSS5.8AI score0.00457EPSS
Exploits1References6
Hacker One
Hacker One
added 2026/01/13 1:30 p.m.19 views

curl: Digest Authentication Header Injection

Summary The Digest authentication implementation in libcurl fails to properly escape the uri parameter in the Authorization header. While other parameters like username, realm, and nonce are correctly escaped using authdigeststringquoted, the uri is inserted raw into the header. This allows an...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.4 views

WorkDo HRM SaaS HR and Payroll Tool 跨站脚本漏洞

WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to...

5.1CVSS5.9AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.7 views

PT-2026-1799

Name of the Vulnerable Software and Affected Versions WorkDo's TicketGo affected versions not specified Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the ''/ticketgo-saas/home'' API...

5.1CVSS5.8AI score0.00251EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.6 views

CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

9.8CVSS7.5AI score0.03155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.3 views

CVE-2022-38794

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring...

7.5CVSS8.3AI score0.03599EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.2 views

CVE-2025-66905

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...

6.6AI score0.0051EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.3 views

CVE-2025-67735

A flaw was found in Netty netty-codec-http. This vulnerability allows request smuggling via CRLF Carriage Return Line Feed injection with the request URI when constructing a request. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Re...

6.5CVSS6.4AI score0.00292EPSS
Exploits1References4
Rows per page
Query Builder