Lucene search
K

3986 matches found

EUVD
EUVD
added yesterday11 views

EUVD-2026-36132

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges...

8.6CVSS6.1AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 2 days ago5 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57707

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...

9.3CVSS0.00291EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42370

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score0.00258EPSS
Exploits0References1
NVD
NVD
added last week13 views

CVE-2026-6818

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added last week36 views

CVE-2026-6818 VikBooking Hotel Booking Engine & PMS <= 1.8.8 - Unauthenticated Stored Cross-Site Scripting via 'special_requests' Parameter

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 12:50 a.m.16 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.1 has updated Foundation and ITM pTypes to Foundation versi...

7.8CVSS7.4AI score0.02112EPSS
Exploits1Affected Software3
Snyk
Snyk
added 2026/07/01 9:19 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied input in the Special:Drilldown process. An attacker can execute arbitrary SQL commands by injecting crafted input. Remediation Upgrade mediawiki/cargo to version 3.9.1 or higher...

9.8CVSS6.2AI score0.00294EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:22 p.m.15 views

CVE-2026-14363

The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/01 7:22 p.m.36 views

CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00294EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 4:16 p.m.38 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

6.5CVSS0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:19 p.m.9 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:19 p.m.29 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 2:17 p.m.19 views

CVE-2026-58035

CVE-2026-58035 : In Wikimedia Foundation MediaWiki, the vulnerability is an improper neutralization of input during web page generation (XSS) tied to the file resources/src/mediawiki.Special.Block/SpecialBlock.Vue. The available sources confirm a cross-site scripting risk but do not provide concr...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54904

Name of the Vulnerable Software and Affected Versions MediaWiki affected versions not specified Description An issue exists involving improper neutralization of input during web page generation, leading to Cross-site Scripting XSS, where malicious scripts are injected into trusted websites. This...

4.8CVSS6.1AI score0.00142EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 1:37 p.m.11 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.12 views

CVE-2026-54636

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...

9.9CVSS0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39806

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...

9.9CVSS5.9AI score0.00274EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52854

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.7 Description The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as or ;, it can...

9.9CVSS6.1AI score0.00274EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:25 p.m.12 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

7.5CVSS6AI score0.00384EPSS
Exploits0Affected Software3
Rows per page
Query Builder