Lucene search
K

18019 matches found

OSV
OSV
added 8 hours ago3 views

ROOT-OS-UBUNTU-2204-CVE-2026-23447 CVE-2026-23447 in rootio-linux - Patched by Root

Root has patched CVE-2026-23447 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

6.6CVSS5.8AI score0.00129EPSS
Exploits0
OSV
OSV
added 8 hours ago5 views

ROOT-OS-UBUNTU-2204-CVE-2025-21944 CVE-2025-21944 in rootio-linux - Patched by Root

Root has patched CVE-2025-21944 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.00144EPSS
Exploits0
OSV
OSV
added 8 hours ago6 views

ROOT-OS-UBUNTU-2204-CVE-2025-37796 CVE-2025-37796 in rootio-linux - Patched by Root

Root has patched CVE-2025-37796 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS7.2AI score0.00166EPSS
Exploits0
OSV
OSV
added 9 hours ago9 views

ROOT-OS-DEBIAN-13-CVE-2025-71133 CVE-2025-71133 in rootio-linux - Patched by Root

Root has patched CVE-2025-71133 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

3.1CVSS5.4AI score0.00153EPSS
Exploits0
OSV
OSV
added 9 hours ago8 views

ROOT-OS-DEBIAN-11-CVE-2026-31754 CVE-2026-31754 in rootio-linux - Patched by Root

Root has patched CVE-2026-31754 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
OSV
OSV
added 9 hours ago7 views

ROOT-OS-DEBIAN-11-CVE-2026-31787 CVE-2026-31787 in rootio-linux - Patched by Root

Root has patched CVE-2026-31787 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

7.8CVSS5.8AI score0.00183EPSS
Exploits0
OSV
OSV
added 10 hours ago4 views

ROOT-OS-DEBIAN-12-CVE-2026-53230 CVE-2026-53230 in rootio-linux - Patched by Root

Root has patched CVE-2026-53230 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

8.7CVSS5.8AI score0.00131EPSS
Exploits0
OSV
OSV
added 10 hours ago3 views

ROOT-OS-DEBIAN-12-CVE-2026-53107 CVE-2026-53107 in rootio-linux - Patched by Root

Root has patched CVE-2026-53107 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.8AI score0.00155EPSS
Exploits0
Nuclei
Nuclei
added 12 hours ago129 views

WordPress My Calendar <3.4.22 - SQL Injection

WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route. id: CVE-2023-6360 info: name: WordPress My Calendar 3.4.22 - SQL Injection author: xxcdd severity: critical...

9.8CVSS7.1AI score0.63141EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago86 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.4AI score0.00816EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago33 views

WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

9.8CVSS7.6AI score0.03858EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago157 views

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.2AI score0.00936EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago51 views

Ruckus vRioT IoT Controller - Authentication Bypass

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validatetoken.py,letting unauthenticated attackers interact with the API without authentication. id: CVE-2020-26879 info: name: Ruckus vRioT IoT Controller - Authentication Bypass author: DhiyaneshDk severity:...

10CVSS7AI score0.42479EPSS
Exploits1References6
Nuclei
Nuclei
added 12 hours ago69 views

Users Ultra <= 3.1.0 - SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

9.8CVSS7.1AI score0.0854EPSS
Exploits2References5
NVD
NVD
added 12 hours ago6 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS
Exploits0References6
Zero Science Lab
Zero Science Lab
added 19 hours ago22 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score
Exploits1
CVE
CVE
added yesterday5 views

CVE-2026-57377

CVE-2026-57377 describes a missing authorization vulnerability in the WordPress WowAddons plugin (product-addons) affecting versions up to 1.6.8. The underlying issue is broken access control, i.e., incorrectly configured access control security levels, which can allow unauthorized actions. The v...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-15537

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday63 views

WordPress Toolbar <= 2.2.6 - Open Redirect

The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2023-6389 info: name: WordPress Toolbar = 2.2.6 - Open Redirect...

6.1CVSS6.7AI score0.25679EPSS
Exploits2References2
NVD
NVD
added 2 days ago9 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
Rows per page
Query Builder