Lucene search

75 matches found

NVD
added 2 days ago, 6 views

CVE-2026-13459

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.00333
Exploits: 0 | References: 12
NVD
added 2026/06/15 9:16 p.m., 7 views

CVE-2026-42639

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions...

CVSS 9.3 | EPSS 0.00283
Exploits: 0 | References: 1
EUVD
added 2026/06/15 8:18 p.m., 5 views

EUVD-2026-36815

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions...

CVSS 9.3 | AI score 5.7 | EPSS 0.00283
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:43 p.m., 9 views

CVE-2026-8320

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl lead...

CVSS 5.8 | AI score 5.2 | EPSS 0.00223
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/23 6:30 p.m., 12 views

CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

CVSS 8.6 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 4
OSV
added 2026/05/18 7:52 a.m., 9 views

SUSE-SU-2026:1952-1 Security update for ovmf

This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...

CVSS 7.7 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 9
RedhatCVE
added 2026/04/13 7:24 p.m., 5 views

CVE-2026-39510

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11...

CVSS 2.7 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/06 9:5 p.m., 1 views

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

CVSS 5.1 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/04/03 12:0 a.m., 4 views

PT-2026-30121

Name of the Vulnerable Software and Affected Versions: Juju versions 2.9 through 2.9.55 and 3.6 through 3.6.18. Description: Juju, an application orchestration engine, allows any authenticated user, machine, or controller to modify application resources within a Juju controller. This impacts version...

CVSS 7.1 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 7
Vulnrichment
added 2026/03/26 9:14 p.m., 2 views

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVSS 9.8 | AI score 5.9 | EPSS 0.00523
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/26 3:0 p.m., 9 views

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVSS 9.3 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/26 3:0 p.m., 4 views

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVSS 9.3 | AI score 6 | EPSS 0.00214
Exploits: 1 | References: 1
CNNVD
added 2026/02/10 12:0 a.m., 7 views

Adobe Substance3D Stager Buffer Error Vulnerability

Substance 3D Stager is professional software from the American company Adobe, dedicated to 3D scene setup, lighting setup and high-quality rendering. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00176
Exploits: 0 | References: 1
OSV
added 2026/01/28 11:15 p.m., 5 views

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...

CVSS 5.3 | AI score 5.2
Exploits: 0 | References: 6
CVE
added 2026/01/28 8:3 p.m., 25 views

CVE-2025-14472

CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...

CVSS 8.1 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/01/27 4:16 p.m., 3 views

ALPINE-CVE-2025-11187

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

CVSS 6.1 | AI score 6.3 | EPSS 0.00515
Exploits: 1 | References: 1
Vulnrichment
added 2026/01/16 7:41 p.m., 5 views

CVE-2026-23727 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoSaidaControle)

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...

CVSS 4.8 | AI score 6.4 | EPSS 0.0018
Exploits: 1 | References: 3
CVE
added 2026/01/16 7:37 p.m., 17 views

CVE-2026-23724

CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...

CVSS 5.4 | AI score 5 | EPSS 0.00181
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

CVSS 10 | AI score 8.8 | EPSS 0.36511
Exploits: 11 | References: 6
RedhatCVE
added 2026/01/09 12:32 p.m., 5 views

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability...

CVSS 4.8 | AI score 7 | EPSS 0.00379
Exploits: 2 | References: 1