Lucene search
+L

346 matches found

redhat
redhat
added 2 days ago5 views

Important: Red Hat Security Advisory: python3.9 security, bug fix, and enhancement update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References3
cve
cve
added 4 days ago10 views

CVE-2026-12274

CVE-2026-12274 affects the Tutor LMS WordPress plugin prior to 3.9.13. The underlying issue is that content-builder save handlers do not verify that the requesting user is authorized to edit the target post, instead authenticating only against an unrelated identifier. This allows authenticated us...

6.5CVSS6.1AI score0.00184EPSS
Exploits0References1
osv
osv
added 2026/07/08 3:44 p.m.7 views

CVE-2026-59880 Immutable.js: Hash-collision algorithmic complexity denial of service in Immutable.Map/Set

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References7
patchstack
patchstack
added 2026/07/06 2:18 p.m.5 views

WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by TristanInSec in WordPress Plugin Tutor LMS versions = 3.9.13...

6.5CVSS5.9AI score0.00237EPSS
Exploits0Affected Software1
cve
cve
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57684

CVE-2026-57684 describes a Cross Site Scripting (XSS) vulnerability in WordPress TheFox theme (versions

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 3:16 p.m.7 views

CVE-2026-54847

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:52 p.m.17 views

CVE-2026-54847

The CVE-2026-54847 entry concerns the WordPress plugin “Stylish Cost Calculator” (versions

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39684

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format for the motion picture industry. From version 3.2.0 up to versions 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder used signed 32-bit arithmetic to construct temporary per-component block...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References2
nessus
nessus
added 2026/06/24 12:0 a.m.11 views

Oracle Linux 9 : python3.9 (ELSA-2026-18693)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...

9.1CVSS7AI score0.00579EPSS
Exploits0References2
euvd
euvd
added 2026/06/17 1:51 p.m.13 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS5.6AI score0.00317EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 9:16 p.m.10 views

CVE-2026-42651

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS0.00242EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:41 p.m.35 views

CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

9.1CVSS0.00419EPSS
Exploits0References2
euvd
euvd
added 2026/06/15 8:18 p.m.11 views

EUVD-2026-36819

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:18 p.m.9 views

CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.13 views

PT-2026-49445

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/09 8:59 p.m.9 views

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.2AI score0.00553EPSS
Exploits0References1
nessus
nessus
added 2026/06/09 12:0 a.m.18 views

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2243)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...

7.5CVSS5.5AI score0.0038EPSS
Exploits1References2
euvd
euvd
added 2026/05/28 5:17 p.m.19 views

EUVD-2026-32959

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS5.8AI score0.00105EPSS
Exploits0References2
cve
cve
added 2026/05/27 6:46 a.m.31 views

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Rows per page
Query Builder