Lucene search
K

334 matches found

CVE
CVE
added 6 days ago16 views

CVE-2026-9639

CVE-2026-9639 describes a nil-pointer dereference in LXD’s CreateCustomVolumeFromBackup. On Linux, affected versions are up to 6.8 and 5.21. An authenticated user with the ability to can_create_storage_volumes can trigger a denial of service by supplying a specially crafted custom-volume backup t...

6.5CVSS5.7AI score0.00376EPSS
Exploits0References3
Patchstack
Patchstack
added 6 days ago6 views

WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...

4.3CVSS5.8AI score0.00107EPSS
Exploits0Affected Software1
NVD
NVD
added last week4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector, but the upstream commit 8594d9b85c07 "afunix: Do not call skbget for OOB skb" addresses this issue. When orphaned MSGOOB sockets reach unixgc, the garbage collector still calls kfreeskb, assuming that OOB SKBs hold two references...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, allowing HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...

7.5CVSS6.1AI score0.00958EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/18 9:44 a.m.7 views

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions = 2.6.8...

8.5CVSS6AI score0.0027EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/16 7:27 p.m.20 views

CVE-2026-46894

...

8CVSS0.00168EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 8:27 a.m.5 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.1CVSS5.2AI score0.00516EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/08 4:16 p.m.10 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS0.00504EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:7 p.m.309 views

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

9.8CVSS5.4AI score0.00663EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/05 8:9 p.m.53 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.5AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.8 views

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

4.8CVSS5.3AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2026/05/31 2:28 a.m.19 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.13 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 4:16 p.m.13 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS0.00185EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 4:16 p.m.10 views

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

4.8CVSS0.00154EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:12 p.m.9 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

4.8CVSS5.9AI score0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 3:12 p.m.14 views

EUVD-2026-33339

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

4.8CVSS5.9AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 3:12 p.m.13 views

CVE-2026-33386

CVE-2026-33386 affects QuickCMS. An attacker can exploit an insecure HTTP-based plugin-fetching mechanism to perform a Cross-Site Scripting (XSS) via a MITM that impersonates the opensolution.org server and serves arbitrary HTML/JavaScript at the plugin list endpoint. When a user visits the plugi...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References2
Rows per page
Query Builder