Lucene search
K

121 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.5 views

CVE-2026-39447

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

7.1CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 3:16 p.m.13 views

CVE-2026-4290

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS0.00258EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/29 1:31 p.m.12 views

WordPress WP Travel Pro plugin <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability discovered by Ren Voza in WordPress Plugin WP Travel Pro versions = 10.6.0...

9.1CVSS5.8AI score0.00258EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/05/19 10:44 a.m.13 views

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Flexense VX Search 安全漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.6CVSS6.2AI score0.00148EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 1:52 p.m.24 views

CVE-2026-21730

CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 4:21 p.m.9 views

CVE-2026-21661 AC2000 Uncontrolled Search Path Element

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...

8.4CVSS5.8AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:30 p.m.8 views

GHSA-V4GP-HF5J-4566 IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users

IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...

8.1CVSS5.8AI score0.00245EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/04 6:16 p.m.10 views

CVE-2026-37459

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 12:0 a.m.5 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

5.8AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 11:17 p.m.4 views

CVE-2025-36375

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

8.8CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 10:50 p.m.18 views

CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.5CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 10:50 p.m.3 views

CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.5CVSS5.8AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 10:50 p.m.11 views

CVE-2025-36375

CVE-2025-36375 affects IBM DataPower Gateway with a CSRF vulnerability. Affected versions include: 10.6CD 10.6.1.0–10.6.5.0 , 10.5.0 10.5.0.0–10.5.0.20 , and 10.6.0 10.6.0.0–10.6.0.8 . Root cause: failure to properly validate the source of a request, enabling an attacker to induce a user to perfo...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:46 p.m.19 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 4:5 p.m.17 views

CVE-2026-1090

GitLab CE/EE versions before 18.7.6 (specifically 10.6–18.7.x), 18.8 before 18.8.6, and 18.9 before 18.9.2 were affected by an issue where, with the markdown_placeholders feature flag enabled, an authenticated user could inject JavaScript in a browser due to improper sanitization of placeholder c...

8.7CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/17 10:12 a.m.12 views

RHSA-2026:2725 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

7.5CVSS5.1AI score0.66535EPSS
Exploits5References14
CVE
CVE
added 2026/02/06 7:23 p.m.15 views

CVE-2026-25642

CVE-2026-25642 affects HedgeDoc; prior to version 1.10.6, the security policy for files served under /uploads/ was insufficient, resulting in a too open Content-Security-Policy and enabling hosting of malicious interactive content (e.g., fake login forms) via SVG files. The issue is fixed in 1.10...

6.1CVSS5.4AI score0.00194EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.6 views

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other...

4.3CVSS6.6AI score0.00845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.3 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

9.1CVSS7.2AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder