Lucene search
K

6414 matches found

Patchstack
Patchstack
added 2026/06/18 9:43 a.m.9 views

WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ocean Product Sharing versions = 2.2.2...

5.9CVSS5.2AI score0.00143EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 10:16 p.m.8 views

CVE-2026-48989

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:2 p.m.16 views

CVE-2026-48989 Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/17 6:36 p.m.13 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 1:20 a.m.4 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.3AI score0.00353EPSS
Exploits4References7
Patchstack
Patchstack
added 2026/06/16 2:15 p.m.4 views

NPM: hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

NPM: hono: CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/16 8:16 a.m.11 views

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00235EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/16 7:46 a.m.9 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/06/16 7:46 a.m.17 views

CVE-2026-10093

The CVE-2026-10093 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin File Sharing & Download Manager – User Private Files . Affected versions are all up to and including 2.1.6 . The issue stems from insufficient input sanitization and output escaping in the fldr_ttl pa...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/06/15 9:57 p.m.67 views

Exploit for CVE-2026-54597

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...

5.9AI score
Exploits1
The Hacker News
The Hacker News
added 2026/06/15 11:30 a.m.15 views

The Onboarding Password Mistake That Creates Unnecessary Risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these...

5.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/15 2:29 a.m.7 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.5AI score0.00353EPSS
Exploits4References4
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36603

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-54398

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:53 p.m.10 views

GHSA-239W-M3H6-CH8V File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

Summary File Browser enforces per-user scope with afero.NewBasePathFsafero.NewOsFs, scope, set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

6.8CVSS5.2AI score0.0046EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/12 9:48 p.m.32 views

CVE-2026-41155 GPU DDK - SharedSecMem mapped into all GPU virtual address spaces

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 p.m.12 views

CVE-2026-54397

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:8 p.m.29 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:8 p.m.14 views

CVE-2026-54398

CVE-2026-54398 describes an authorization flaw in MISP's object add/edit handling where an authenticated user with object editing permissions can assign objects or their attributes to a sharing group they are not authorized to view. The root cause is that during object edits the sharing group val...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:8 p.m.8 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder