Lucene search
K

411 matches found

CVE
CVE
added yesterday6 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 4 days ago10 views

CVE-2026-59877

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

7.5CVSS0.0037EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 6:50 a.m.16 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55508

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.57 Description Stored Cross-Site Scripting occurs when the plugin fails to properly escape output in the getCommentAuthor function. This happens because the comment author url value, provided in the guest comment...

7.2CVSS6AI score0.00305EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/29 1:36 p.m.6 views

EUVD-2026-40103

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39703

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 8:16 p.m.8 views

CVE-2026-10852

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

7.5CVSS0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:32 p.m.4 views

EUVD-2026-38346

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

5.9CVSS5.8AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 7:32 p.m.37 views

CVE-2026-10852

CVE-2026-10852 affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty via the WebSphere WebServer Plug-in. The IBM and NVD entries describe a denial-of-service vulnerability triggered by crafted requests to the web server. Affected versions include IBM WebSphere App...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51346

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...

8.8CVSS6.4AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-49606

Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...

6.4AI score
Exploits0References11
CVE
CVE
added 2026/06/11 2:34 p.m.37 views

CVE-2026-7870

CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48675

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.10 views

Open5GS 授权问题漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contained vulnerabilities related to authorization. These vulnerabilities were caused by an unknown function in the file...

7.5CVSS7AI score0.00419EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 6:45 a.m.23 views

CVE-2026-6427

The WordPress plugin a3 Lazy Load (versions ≤ 2.7.6) is vulnerable to Stored XSS via crafted markup. A regex bug in _filter_videos() misquotes HTML attributes and, with unescaped output in admin/views/form-data.php, allows an authenticated Contributor to inject a script that executes in any view...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43980

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 Description A denial-of-service issue exists in the Integrated Language Environment ILE compiler due to uncontrolled recursion. An authenticated attacker can trigger this by compiling specially crafted source cod...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2025-209802

A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets...

8.8CVSS6AI score0.00564EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Fortinet FortiOS 缓冲区错误漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and...

8.8CVSS6.2AI score0.00564EPSS
Exploits0References1
Rows per page
Query Builder