852 matches found

CVE
added yesterday, 19 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

CVSS 5.5, AI score 5.7
Exploits: 0, References: 1

OSV
added yesterday, 7 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

AI score 5.4, EPSS 0.00156
Exploits: 0

EUVD
added 2 days ago, 4 views

EUVD-2026-40378

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

CVSS 3.5, AI score 5.8, EPSS 0.00151
Exploits: 0, References: 1

NVD
added 3 days ago, 8 views

CVE-2026-57338

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

CVSS 7.1, EPSS 0.00146
Exploits: 0, References: 1

EUVD
added 3 days ago, 6 views

EUVD-2026-40109

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

CVSS 7.1, AI score 5.8, EPSS 0.00146
Exploits: 0, References: 1

NVD
added 6 days ago, 8 views

CVE-2026-57660

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

CVSS 5.3, EPSS 0.00176
Exploits: 0, References: 1

CVE
added 6 days ago, 7 views

CVE-2026-56060

The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce. Affected: WooCommerce plugin versions up to and including 7.1.1. Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...

CVSS 7.5, AI score 5.8, EPSS 0.00303
Exploits: 0, References: 1

Patchstack
added last week, 5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

CVSS 6.5, AI score 6, EPSS 0.00241
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/06/25 3:42 a.m., 8 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 6.5, AI score 6, EPSS 0.00241
Exploits: 0, References: 3

NVD
added 2026/06/24 4:17 a.m., 9 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, EPSS 0.0019
Exploits: 0, References: 2

Positive Technologies
added 2026/06/24 12:00 a.m., 8 views

PT-2026-51650

Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...

CVSS 7.2, AI score 6, EPSS 0.0019
Exploits: 0, References: 6

EUVD
added 2026/06/22 1:20 p.m., 7 views

EUVD-2025-210300

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 5.4, AI score 5.5, EPSS 0.00139
Exploits: 0, References: 1

Tenable Nessus
added 2026/06/22 12:00 a.m., 6 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1861)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1861 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can...

CVSS 7.5, AI score 6, EPSS 0.00353
Exploits: 0, References: 18

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In btrfs_get_root_ref in fs/btrfs/disk-io.c within the Linux kernel, up to version 6.7.1, there may be an assertion failure and a crash occurring because a subvolume can be read out too early after its root item is inserted during subvolume creation...

CVSS 5.5, AI score 6.2, EPSS 0.00305
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual indicators that confirm that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed...

CVSS 7.5, AI score 7.5, EPSS 0.00709
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Linux

An issue was discovered in the kernel of NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated with the AP. This could be exploited in Wi-Fi networks to launch denial-of-service attacks against connected clients, and it...

CVSS 5.3, AI score 6.9, EPSS 0.06487
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel up to version 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

CVSS 5.5, AI score 6.6, EPSS 0.00254
Exploits: 0, References: 2

NVD
added 2026/06/17 1:20 p.m., 14 views

CVE-2026-48869

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

CVSS 7.1, EPSS 0.00186
Exploits: 0, References: 1

EUVD
added 2026/06/15 9:30 p.m., 6 views

EUVD-2026-36917

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00251
Exploits: 0, References: 2

EUVD
added 2026/06/15 9:30 p.m., 5 views

EUVD-2026-36913

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

CVSS 9.8, AI score 5.3, EPSS 0.00386
Exploits: 0, References: 2