Lucene search
+L

237 matches found

NVD
NVD
added 6 days ago4 views

CVE-2026-57382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 6 days ago6 views

CVE-2026-57382

CVE-2026-57382 is a reflected XSS vulnerability in the WordPress plugin Simple File List (version range: affected up to 6.3.8). The issue arises in the plugin’s web page generation and input handling, enabling a reflected cross-site scripting payload. CVSSv3.1 metrics indicate Network attack vect...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/12 12:0 a.m.8 views

PT-2026-57577

Name of the Vulnerable Software and Affected Versions Leantime versions prior to 3.8.1 Description An improper authorization issue exists in the API component within the Setting::saveSetting function. This flaw allows a remote attacker to manipulate settings due to insufficient authorization...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/25 1:12 p.m.8 views

EUVD-2026-39372

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37633

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-42658

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36823

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-42658

The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.9 views

CVE-2026-42658 WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36816

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

6.5CVSS5.1AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49442

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

6.5CVSS5.1AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49449

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.10 views

Security update for cyrus-imapd (important)

openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...

8.3CVSS5.5AI score0.00512EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.10 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS6.5AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 5:17 p.m.18 views

CVE-2026-42679

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:13 p.m.32 views

CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45466

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 8:32 p.m.14 views

CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 2:44 p.m.7 views

BIT-JAVA-MIN-2024-20922

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

2.5CVSS6.8AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.12 views

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References1
Rows per page
Query Builder