Lucene search
K

4338 matches found

Nuclei
Nuclei
added yesterday49 views

WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...

7.1CVSS7AI score0.00622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-54786

A flaw was found in Wasmtime, a runtime for WebAssembly. Its native implementation of WASIp1, a system interface for WebAssembly, contains a resource leak in the fdrenumber function. A malicious guest program can repeatedly call this function, causing the host system to exhaust its file descripto...

5CVSS5.9AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/07 3:47 p.m.5 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:53 p.m.5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/06 1:15 p.m.7 views

CVE-2026-14788

A flaw was found in radare2. A local attacker could trigger a use-after-free vulnerability within the rcorebinload function. This issue can lead to memory corruption, resulting in a denial of service DoS for the application. Mitigation To mitigate this issue, ensure that only trusted users have...

7.8CVSS5.9AI score0.00135EPSS
Exploits1References10
OSV
OSV
added 2026/07/02 4:45 p.m.13 views

GHSA-GP79-M99V-GJMH OpenClaw: Mattermost handlers could fall open when channel type was missing

Summary Mattermost handlers could fall open when channel type was missing. In affected versions, a Mattermost event missing channel type metadata could continue without applying the intended DM policy decision. This advisory is scoped to the named feature and configuration. It does not change...

6.3CVSS6AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 12:22 p.m.6 views

CVE-2026-14363

A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54848

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.10 Wasmtime versions 25.0.0 through 36.0.10 Wasmtime versions 37.0.0 through 44.0.2 Wasmtime versions 45.0.0 through 45.1 Description A resource leak exists in the native implementation of WASIp1 within the fd...

5CVSS5.8AI score0.00217EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 8:59 a.m.16 views

CVE-2025-7406

CVE-2025-7406 affects Nokia MantaRay NM. A local privilege escalation allows an admin with local privileges to gain root access, yielding root filesystem control and full actions as root. Mitigation mentioned: temporarily restrict the set of commands permitted via sudo for affected accounts. No s...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:10 a.m.6 views

ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options

...

7CVSS5.8AI score0.00128EPSS
Exploits0
Snyk
Snyk
added 2026/06/22 11:7 p.m.4 views

Improper Handling of Length Parameter Inconsistency

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the readcharacterstring and readstring functions. An attacker can inject malicious...

7.1CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/16 3:52 p.m.11 views

CVE-2026-10649

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

8.6CVSS5.3AI score0.0044EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 9:0 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.23 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 7:56 p.m.34 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 2:13 p.m.13 views

CVE-2026-50292

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...

9.8CVSS5.7AI score0.00498EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-32244

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

5.3CVSS5.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2025-71210

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS8.3AI score0.03811EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 8:33 a.m.10 views

CVE-2026-44417

A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...

7.5CVSS6.4AI score0.0064EPSS
Exploits0References4
Rows per page
Query Builder