Lucene search
K

826 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
NVD
NVD
added 6 days ago10 views

CVE-2026-59731

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...

8.2CVSS0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56516

Name of the Vulnerable Software and Affected Versions Astro version 6.4.7 Description Astro performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit. Subsequently, rewrite route matching performs an additional decodeURI operation, which can...

8.2CVSS6.1AI score0.00267EPSS
Exploits0References11
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.8 views

galera and mariadb11.8 security, bug fix, and enhancement update

An update is available for mariadb11.8, galera. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MariaDB is a community developed fork from MySQL - a multi-user,...

10CVSS6.5AI score0.00998EPSS
Exploits0
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57671

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 7:10 a.m.7 views

WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...

7.5CVSS5.8AI score0.0082EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/02 5:23 a.m.10 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.2.2 (ROCm 6.4)

Red Hat AI Base Images 3.2.2 ROCm 6.4 is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 5:20 a.m.10 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.3.2 (ROCm 6.4)

Red Hat AI Base Images 3.3.2 ROCm 6.4 is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.0032EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 12:2 p.m.8 views

RLSA-2026:33464 Important: mariadb:10.11 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB Server: Arbitrary code execution via wsrepnotifycmd CVE-2026-49261 Bug Fixes and Enhancements: Rocky Linux8tracker Rebase Galera to 26.4.27 MariaDB:10.11 JIRA:Rocky...

9CVSS6.3AI score0.00998EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 1:36 p.m.8 views

EUVD-2026-40110

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.31 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:53 a.m.3 views

MINI-464W-FR2W-JPRG

Bulletin has no description...

6.1CVSS5.7AI score0.00178EPSS
Exploits0
NVD
NVD
added 2026/06/22 7:17 p.m.12 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 5:33 p.m.30 views

CVE-2026-54299

Summary of CVE-2026-54299 (Astro) : Astro SSR apps that prerender error pages (e.g., 404/500 with prerender = true) fetch those pages over HTTP using a URL derived from request.url, which is based on the Host header. If Host is not validated against allowedDomains, an attacker can direct the fetc...

7.5CVSS6AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/22 5:33 p.m.20 views

CVE-2026-54298

Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...

6.1CVSS6AI score0.0016EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/22 1:27 p.m.5 views

MINI-VG67-5V64-VR6M

Bulletin has no description...

8CVSS5.7AI score0.00472EPSS
Exploits0
NVD
NVD
added 2026/06/18 4:16 p.m.11 views

CVE-2025-52465

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

7.2CVSS0.00353EPSS
Exploits0References4
Rows per page
Query Builder