
28053 matches found

ATTACKERKB
added 2026/05/06 1:40 p.m., 10 views

CVE-2025-31983

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts, increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information...

3.7 CVSS, 5.7 AI score, 0.00118 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2026/05/06 12:50 p.m., 9 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions <= 1.51.1...

5.3 CVSS, 5.8 AI score, 0.00425 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/05/06 8:31 a.m., 28 views

CVE-2026-43646 Apache Wicket: crafted URLs can bypass PackageResourceGuard

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

0.00394 EPSS
Exploits 0, References 1
NVD
added 2026/05/06 4:16 a.m., 11 views

CVE-2026-5753

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

6.5 CVSS, 0.00266 EPSS
Exploits 0, References 2
EUVD
added 2026/05/06 3:27 a.m., 8 views

EUVD-2026-27522

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

6.5 CVSS, 5.7 AI score, 0.00266 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/05/06 12:0 a.m., 7 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8 AI score, 0.24681 EPSS
Exploits 3, References 3
CNNVD
added 2026/05/06 12:0 a.m., 9 views

Cisco ISE Security Vulnerability

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...

4.3 CVSS, 5.8 AI score, 0.00232 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/06 12:0 a.m., 11 views

PT-2026-38218

Name of the Vulnerable Software and Affected Versions: ZTE ZXHN H298A version 1.1; ZTE H108N version 2.6. Description: A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN...

7.5 CVSS, 5.8 AI score, 0.24681 EPSS
Exploits 3, References 8
CNNVD
added 2026/05/06 12:0 a.m., 7 views

HCL BigFix Service Management Log Information Disclosure Vulnerability

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...

8.3 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits 0, References 1
CNVD
added 2026/05/06 12:0 a.m., 12 views

Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1 CVSS, 5.8 AI score, 0.01001 EPSS
Exploits 3
Cvelist
added 2026/05/06 12:0 a.m., 32 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

0.24681 EPSS
Exploits 3, References 2
Snyk
added 2026/05/05 8:2 p.m., 7 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to improper handling of namespace deletion retries. An attacker can cause residual data, such as outstanding leases and unrelated storage entries, to remain after ...

7.5 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits 0, References 2
Ubuntu
added 2026/05/05 6:27 p.m., 9 views

USN-8234-1: Mako vulnerability

It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...

8.7 CVSS, 5.8 AI score, 0.00361 EPSS
Exploits 0
Snyk
added 2026/05/05 5:30 p.m., 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

10 CVSS, 6.5 AI score, 0.03678 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/05/05 6:21 a.m., 3 views

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/05 12:0 a.m., 10 views

PT-2026-38083

Name of the Vulnerable Software and Affected Versions: Mako versions prior to 1.1.0+ds1-1ubuntu2.1+esm1. Description: Mako incorrectly handles URIs with double-slash prefixes in TemplateLookup. A remote attacker could potentially exploit this behavior to obtain sensitive information. Recommendations...

8.7 CVSS, 5.8 AI score, 0.00361 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/05/05 12:0 a.m., 8 views

RHCOS 4 : OpenShift Container Platform 4.13.z (RHSA-2024:7941)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7941 advisory. - containers/image: digest type does not guarantee valid type (CVE-2024-3727) - webob: WebOb's location header normalization during...

8.3 CVSS, 6.7 AI score, 0.01279 EPSS
Exploits 1, References 7
WPVulnDB
added 2026/05/05 12:0 a.m., 6 views

12 Step Meeting List < 3.19.10 - Unauthenticated Information Exposure

Description: The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 1
Snyk
added 2026/05/04 7:50 p.m., 8 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the authorization process. An attacker can gain unauthorized access to sensitive site, user, and role information by sending authenticated requests as a Panel user. This is only exploitable if the site is...

7.1 CVSS, 5.8 AI score, 0.00231 EPSS
Exploits 0, References 2
CVE
added 2026/05/04 5:39 p.m., 11 views

CVE-2026-32834

Summary: CVE-2026-32834 affects the WordPress plugin Easy PayPal Events & Tickets (version 1.3 and earlier). The vulnerability is a hardcoded authentication bypass in the QR code scanning functionality, allowing unauthenticated remote attackers to bypass hash verification by sending the hash para...

8.7 CVSS, 5.9 AI score, 0.00448 EPSS
Exploits 0, References 3