Lucene search
+L

348 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00253EPSS
Exploits0References1
Fedora
Fedora
added 6 days ago7 views

[SECURITY] Fedora 44 Update: tmux-3.7b-2.fc44

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
EUVD
EUVD
added 2026/07/10 4:31 a.m.6 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score0.00333EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 10:19 p.m.4 views

CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS6.2AI score0.00305EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 10:18 p.m.10 views

CVE-2026-59832

SiYuan before 3.7.1 is affected by an authenticated path traversal in the /snippets/*filepath route (serveSnippets) where the handler in kernel/server/serve.go joins a single-decoded path with the snippets directory without subpath containment or sensitive-path checks, allowing requests like /sni...

7.7CVSS6AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 10:17 p.m.11 views

CVE-2026-59833

SiYuan (open-source PIM) prior to 3.7.1 uses Lute with sanitization, but the per-attribute URL-scheme sanitizer fails to check form action and SVG xlink:href attributes. This allows stored XSS in document export-preview and Bazaar package README rendering paths, with potential to execute OS comma...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 8:22 a.m.40 views

CVE-2026-5793 XSS in Inrove Software's BiEticaret

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 7:55 a.m.6 views

EUVD-2026-42537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS5.9AI score0.00323EPSS
Exploits0References10
OSV
OSV
added 2026/07/07 11:45 a.m.6 views

PYSEC-2026-1148 Improper Certificate Validation vulnerability in Apache Airflow FTP Provider

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTPTLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.createdefaultcontext during FTPTLS...

2.7CVSS6AI score0.00626EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:27 p.m.5 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score0.00346EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/27 6:11 a.m.3 views

BELL-CVE-2026-53274

Bulletin has no description...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:24 p.m.19 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.21 views

CVE-2026-54759 SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS0.00262EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Python 3.11

The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...

5.9CVSS6.8AI score0.00315EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Python 3.11

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...

6CVSS7.1AI score0.0048EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Python 3.11

When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...

6CVSS7AI score0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 7:13 p.m.3 views

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS6AI score0.0024EPSS
Exploits1References7
NVD
NVD
added 2026/06/20 9:16 a.m.16 views

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS0.00433EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-69139

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

8.6CVSS0.00533EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.26 views

CVE-2025-69139 WordPress Car Zone theme <= 3.7 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

8.6CVSS0.00533EPSS
Exploits0References1
Rows per page
Query Builder