Lucene search
+L

28890 matches found

cve
cve
added 2026/06/16 9:4 a.m.48 views

CVE-2026-49772

CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...

9.3CVSS5.6AI score0.00229EPSS
Exploits1References1
cvelist
cvelist
added 2026/06/16 9:4 a.m.43 views

CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS0.00229EPSS
Exploits1References1
githubexploit
githubexploit
added 2026/06/16 3:45 a.m.82 views

Mr-Robot-CTF-Automation-Scripts

No d...

5.3AI score
Exploits0
osv
osv
added 2026/06/15 11:39 p.m.8 views

MAL-2026-5844 Malicious code in numdifftools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6d98d619244a4f34ba9c2ed85023e35f4064b0a45871edac806d1e8cdeff11 The npm package numdifftools is an empty shell zero-byte index.js that exists solely to fire a preinstall lifecycle hook. The hook runs node -e to...

5.5AI score
Exploits0References3
osv
osv
added 2026/06/15 5:24 p.m.8 views

USN-8431-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption...

9.8CVSS5.6AI score0.00429EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 10:2 a.m.11 views

CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS5.4AI score0.00116EPSS
Exploits0References2
euvd
euvd
added 2026/06/15 10:2 a.m.14 views

EUVD-2026-36705

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS5.5AI score0.00116EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/06/15 9:35 a.m.85 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score
Exploits0
ossf
ossf
added 2026/06/12 9:31 p.m.24 views

Malicious code in ect-472839-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...

5.9AI score
Exploits0References2
cvelist
cvelist
added 2026/06/12 2:52 p.m.30 views

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS0.00206EPSS
Exploits0References4
euvd
euvd
added 2026/06/12 2:52 p.m.13 views

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.00206EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/12 2:29 p.m.13 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 2:29 p.m.34 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS0.00435EPSS
Exploits0References1
circl
circl
added 2026/06/12 12:57 a.m.65 views

CVE-2026-11846

creationtimestamp| type| source ---|---|--- 2026-06-12 00:57:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10970-e4b21-2.html 2026-06-12 11:00:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo3ll2uhvd2u 2026-06-12 13:11:57+00:00| seen|...

8.1CVSS5.8AI score0.00401EPSS
Exploits0References3
nessus
nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
nvd
nvd
added 2026/06/11 5:16 p.m.18 views

CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS0.01041EPSS
Exploits1References35
vulnrichment
vulnrichment
added 2026/06/11 3:32 p.m.10 views

CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.4AI score0.01041EPSS
Exploits1References1
circl
circl
added 2026/06/11 12:0 a.m.15 views

CVE-2026-53461

creationtimestamp| type| source ---|---|--- 2026-06-11 00:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxwaarvuq2v 2026-06-11 01:46:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mny45o6kxl2d...

7.5CVSS5.3AI score0.00353EPSS
Exploits0References2
nvd
nvd
added 2026/06/10 10:16 p.m.18 views

CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS0.00517EPSS
Exploits0References10
redhatcve
redhatcve
added 2026/06/10 9:2 p.m.8 views

CVE-2026-45595

Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...

5.4CVSS5.4AI score0.00423EPSS
Exploits0References1
Rows per page
Query Builder