
47 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, allowing HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...

CVSS 7.5 | AI score 6.1 | EPSS 0.00958
Exploits: 0 | References: 2

Patchstack
added 2026/06/15 5:18 p.m. | 4 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

CVSS 5.5 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2026/06/03 12:0 a.m. | 14 views

RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVSS 9.2 | AI score 6.1 | EPSS 0.61469
Exploits: 40 | References: 3

Cvelist
added 2026/06/02 9:32 p.m. | 31 views

CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVSS 8.3 | EPSS 0.00107
Exploits: 0 | References: 2

CNNVD
added 2026/06/02 12:0 a.m. | 8 views

Dräger Protector Software Security Vulnerability

Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...

CVSS 8.3 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/02 12:0 a.m. | 12 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

CVSS 8.3 | AI score 6.2 | EPSS 0.00107
Exploits: 0 | References: 7

EUVD
added 2026/05/11 8:21 p.m. | 11 views

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVSS 8.8 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 1

NVD
added 2026/04/07 8:16 p.m. | 22 views

CVE-2026-39365

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVSS 6.3 | EPSS 0.00914
Exploits: 1 | References: 1

EUVD
added 2026/04/07 7:13 p.m. | 5 views

EUVD-2026-19875

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVSS 6.3 | AI score 5.9 | EPSS 0.00914
Exploits: 1 | References: 1

CVE
added 2026/02/18 4:35 a.m. | 20 views

CVE-2026-2576

The CVE-2026-2576 entry concerns the WordPress plugin “Business Directory Plugin – Easy Listing Directories” (Business Directory Plugin). The vulnerability is a time-based SQL Injection exploitable via the payment parameter in all versions up to and including 6.4.2. It arises from insufficient es...

CVSS 7.5 | AI score 5.9 | EPSS 0.00432
Exploits: 0 | References: 4

CNNVD
added 2026/02/18 12:0 a.m. | 8 views

WordPress plugin Business Directory Plugin – Easy Listing Directories SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00432
Exploits: 0 | References: 4

Cvelist
added 2026/02/05 6:47 a.m. | 27 views

CVE-2026-1246 ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...

CVSS 4.9 | EPSS 0.00519
Exploits: 0 | References: 5

VulnCheck KEV
added 2026/01/18 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 9.8 | AI score 5.9 | EPSS 0.10272
In wild | Exploits: 1 | References: 62

CVE
added 2026/01/08 2:21 a.m. | 17 views

CVE-2019-25296

The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...

CVSS 9.8 | AI score 7.2 | EPSS 0.00597
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-1590

Name of the Vulnerable Software and Affected Versions Recras WordPress plugin versions prior to 6.4.2 Description The Recras WordPress plugin is susceptible to Stored Cross-Site Scripting through the recrasname shortcode attribute. Insufficient input sanitization and output escaping allow...

CVSS 6.4 | AI score 5.4 | EPSS 0.00243
Exploits: 0 | References: 6

Vulnrichment
added 2025/10/16 6:33 a.m. | 3 views

CVE-2025-55089 Eclipse ThreadX FileX RAM disk driver buffer overflow

In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execution after receiving a crafted sequence of packets...

CVSS 9.2 | AI score 6.9 | EPSS 0.00466
Exploits: 1 | References: 1

CVE
added 2025/10/16 6:33 a.m. | 15 views

CVE-2025-55089

Eclipse ThreadX FileX RAM disk driver (FileX) prior to version 6.4.2 contains a buffer overflow in the RAM disk path that can be triggered by crafted network packets via NetX Duo HTTP PUT handling. The overflow arises when the RAM-disk buffer is written without validating that the destination poi...

CVSS 9.8 | AI score 6.9 | EPSS 0.00466
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/10/16 12:0 a.m. | 5 views

Eclipse ThreadX FileX Buffer Error Vulnerability

Eclipse ThreadX FileX is a high-performance, FAT-compatible file system from the Eclipse ThreadX open source. A buffer error vulnerability exists in Eclipse ThreadX FileX versions prior to 6.4.2, which stems from a buffer overflow in the FileX RAM disk driver that could lead to remote code...

CVSS 9.8 | AI score 8.1 | EPSS 0.00466
Exploits: 1 | References: 1

CBLMariner
added 2025/10/01 7:21 p.m. | 5 views

CVE-2025-39689 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-39689 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.8 | AI score 6.8 | EPSS 0.00168
Exploits: 0

NVD
added 2025/09/02 2:15 p.m. | 3 views

CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

CVSS 6.5 | EPSS 0.00331
Exploits: 3 | References: 2