Lucene search
K

551 matches found

OSV
OSV
added 2026/07/02 7:39 p.m.3 views

GHSA-4FC2-H7JH-287C zebrad has mempool transaction admission denial via single-peer inbound queue saturation

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary A...

5.3CVSS5.7AI score
Exploits0References3
NVD
NVD
added 2026/07/01 7:16 a.m.12 views

CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:35 a.m.40 views

CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 4:28 p.m.1 views

CVE-2026-52969 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

7CVSS5.8AI score0.00147EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36994

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

7.1CVSS5.1AI score0.0021EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-48882

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40791

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

7.1CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.18 views

CVE-2026-48882

CVE-2026-48882 is a SQL Injection vulnerability in WordPress Plugin WP Time Slots Booking Form (versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36857

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.29 views

CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.28 views

CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

7.1CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.8 views

CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

7.1CVSS5.1AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.16 views

CVE-2026-40791

CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions

7.1CVSS5.1AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49487

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:40 p.m.8 views

GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS

Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...

5.9CVSS5.7AI score0.0005EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:40 p.m.21 views

Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS

Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...

5.7AI score0.0005EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/04 5:40 p.m.13 views

Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/02 2:13 p.m.8 views

WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
Oracle linux
Oracle linux
added 2026/05/28 12:0 a.m.14 views

cockpit security update

310.8-1.0.1 - Fixed cockpitwst selinux issue for tmpfs Orabug: 36013589 - Move update-motd out of cockpitwst context Orabug: 36013589 - Update documentation links Orabug: 34706402 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in...

8CVSS5.8AI score0.01016EPSS
Exploits0
Rows per page
Query Builder