Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45055

CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CCSTOREURL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...

8.1CVSS5.5AI score0.00147EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/15 1:31 a.m.122 views

ps459

Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...

5.9AI score
Exploits0
CVE
CVE
added 2026/03/27 8:41 p.m.44 views

CVE-2026-33887

Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:40 p.m.1 views

CVE-2026-33886

Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 4:9 p.m.5 views

pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. Patches This has been fixed in pypdf==6.7.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3655...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/25 3:16 a.m.12 views

CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS0.00346EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:45 a.m.7 views

CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/17 6:19 p.m.9 views

CVE-2026-2630

CVE-2026-2630 is a command‑injection vulnerability affecting the Tenable Security Center. An authenticated, remote attacker could execute arbitrary code on the underlying server hosting Security Center. The CVSS metrics indicate network access, low attack complexity, and that privileges are requi...

8.8CVSS6.2AI score0.01165EPSS
Exploits0References1
CNVD
CNVD
added 2026/02/05 12:0 a.m.4 views

ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)

ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.6 views

CVE-2026-24854

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.8 views

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...

8.5CVSS5.9AI score0.00209EPSS
Exploits1References1
NVD
NVD
added 2026/01/30 4:16 p.m.5 views

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...

8.5CVSS0.00209EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/30 3:5 p.m.5 views

CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5407

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References11
Exploit DB
Exploit DB
added 2025/12/03 12:0 a.m.159 views

RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)

Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...

6.1CVSS6.3AI score0.06325EPSS
Exploits2
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.3 views

PowSyBl Core 安全漏洞

PowSyBl Core is a PowSyBl open source software building framework for power systems. A security vulnerability exists in PowSyBl Core versions prior to 6.7.2 that stems from XML parsing vulnerability to XML external entity attacks and server-side request forgery attacks...

6.9CVSS6.5AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.3 views

CVE-2023-1634

A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

9.8CVSS7.3AI score0.00744EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 6.7.2 and earlier, which stems from the presence of an untrusted hypervisor that can inject a virtual...

7.1CVSS6.4AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-25555 · WordPress · Wp Media Cleaner

Name of the Vulnerable Software and Affected Versions: WP Media Cleaner versions through 6.7.2 Description: The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. There is no information provided about the estimated number of...

5.3CVSS6.5AI score0.00447EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/25 12:0 a.m.4 views

OTCMS 代码问题漏洞

OTCMS Nettie CMS is a content management system CMS for article-based websites. A security vulnerability exists in OTCMS version 6.72. An attacker could exploit this vulnerability to perform server-side request forgery attacks...

9.8CVSS7AI score0.00744EPSS
Exploits1References4
Rows per page
Query Builder