Mage AI - Insecure Default Authentication Setup
A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...
Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and <= 2.27.4 Premium due to insufficient escaping on the user-supplied parameter and lack of sufficient...
WordPress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...
eyoucms v.1.6.5 - Cross-Site Scripting
Cross-Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via a crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...
CVE-2026-46483 vulnerabilities
Vulnerabilities for packages: vim...
ROOT-OS-UBUNTU-2404-CVE-2025-38500 CVE-2025-38500 in rootio-linux - Patched by Root
Root has patched CVE-2025-38500 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-23148 CVE-2025-23148 in rootio-linux - Patched by Root
Root has patched CVE-2025-23148 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-39826 CVE-2025-39826 in rootio-linux - Patched by Root
Root has patched CVE-2025-39826 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...
Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...
UBUNTU-CVE-2026-48682
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r...
CVE-2026-35443
NamelessMC (website software for Minecraft servers) is affected in version 2.2.4. The vulnerability lies in modules/Forum/classes/ForumPostReactionContext.php, where topic-level view_other_topics authorization is not re-enforced, allowing reactions on other users’ topics to be read and modified. ...
ROOT-OS-DEBIAN-13-CVE-2026-31516 CVE-2026-31516 in rootio-linux - Patched by Root
Root has patched CVE-2026-31516 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-23038 CVE-2026-23038 in rootio-linux - Patched by Root
Root has patched CVE-2026-23038 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
EUVD-2026-33827
Memory corruption while using Strongbox due to buffer overflow...
DeepAI.org CSRF
RISK EVALUATION: The DeepAI.org endpoint https://api.deepai.org/changeuseremail accepts POST requests without any CSRF protection. If a logged-in user is tricked into visiting a malicious HTML page, an attacker can change the user's email address to their own and take over the account via...
CVE-2026-10153
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...
CVE-2026-10246
creationtimestamp | type | source
---|---|---
2026-06-01 13:06:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mna5i6uzyz2w...
CVE-2026-10227
creationtimestamp | type | source
---|---|---
2026-06-01 07:47:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mn7lolmwz42n...
PT-2026-45529
Name of the Vulnerable Software and Affected Versions: Nextcloud versions 32.0.0 through 32.0.8; Nextcloud versions 33.0.0 through 33.0.2. Description: When a user shares a folder or file with a Nextcloud Team containing an external member (a person added via email without a Nextcloud account), the...