Lucene search
K

651 matches found

EUVD
EUVD
added 2026/07/03 1:28 a.m.12 views

EUVD-2026-41469

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55053

Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...

8.8CVSS6AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 8:53 a.m.12 views

CVE-2026-6953

CVE-2026-6953 describes an HTML injection in Intermark IT's WebControl CMS v3.5. The vulnerability allows an attacker to send HTML-containing content to a victim via the contact form by crafting a request to /processContact.do with parameters such as nombreApellidos, dirección, and comentarios. A...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:8 p.m.7 views

EUVD-2026-38425

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:16 p.m.15 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-22339

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...

7.1CVSS0.0023EPSS
Exploits0References1
Circl
Circl
added 2026/06/16 9:0 p.m.9 views

CVE-2026-35327

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8...

7.6CVSS4.9AI score0.0027EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 7:27 p.m.18 views

CVE-2026-35319

Technical details for CVE-2026-35319 are not provided in the supplied documents; no affected products, versions, or exploit information are disclosed here. Monitor for updates.

9.8CVSS5.2AI score0.00483EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/16 7:26 p.m.16 views

CVE-2026-35282

Technical details for CVE-2026-35282 are not publicly provided in the supplied documents. Monitor for updates from Oracle security alerts and CVE records.

9.9CVSS5.3AI score0.00402EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49518

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

9.3CVSS5.7AI score0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 8:16 p.m.18 views

CVE-2026-47260

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...

7.7CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.23 views

CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS0.0038EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 2:0 p.m.12 views

EUVD-2026-36432

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/28 4:25 p.m.22 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:24 p.m.31 views

CVE-2026-41160 EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw Broken Access Control in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...

4.3CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:24 p.m.23 views

CVE-2026-41160

CVE-2026-41160 describes a Broken Access Control (IDOR) in EspoCRM prior to 9.3.5 where low-privilege users could pin notes without proper edit permissions due to a write-first, authorize-later flaw in the POST /api/v1/Note/{id}/pin path. The root cause is in application/Espo/Tools/Stream/Api/Pos...

4.3CVSS6AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:27 p.m.10 views

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References3Affected Software1
Microsoft KB
Microsoft KB
added 2026/05/26 12:0 a.m.64 views

May 26, 2026-KB5092430 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

None None...

6.1AI score
Exploits0
Rows per page
Query Builder