Lucene search
+L

163 matches found

osv
osv
added 2026/05/18 1:48 p.m.3 views

CLEANSTART-2026-XK75621 Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, ghsa-4vq8-7jfc-9cvp, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj applied in versions: 9.3.3-r0, 9.3.3-r1

Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References10
vulnrichment
vulnrichment
added 2026/05/18 12:0 a.m.8 views

CVE-2025-57282

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...

5.8AI score0.00981EPSS
Exploits0References2
cve
cve
added 2026/05/18 12:0 a.m.28 views

CVE-2025-57282

CVE-2025-57282 affects ngrok v4.3.3 and 5.0.0-beta.2 and is described as vulnerable to Command Injection. The connected documents confirm the affected software and the vulnerability class but do not provide exploitation details, root cause specifics, or remediation steps beyond what is stated. No...

8.8CVSS5.8AI score0.00981EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.13 views

PT-2026-38333

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description An integer overflow exists in the ImageChannel::resize function, which can lead to a heap out-of-bounds OOB write—a...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References52
euvd
euvd
added 2026/04/24 6:49 p.m.7 views

EUVD-2026-25612

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint POST /api/access-tokens. When an invalid username/email is provided, the server responds immediately 17ms average. When a val...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1
euvd
euvd
added 2026/04/13 8:37 p.m.10 views

EUVD-2026-22098

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References3
osv
osv
added 2026/04/13 8:32 p.m.3 views

CVE-2026-33659 EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.6AI score0.00333EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/04/13 12:0 a.m.11 views

PT-2026-32522

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.9 views

PT-2026-32596

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.133 Description An SQL identifier injection exists in SQLiteConversationStore where the table prefix configuration value is directly concatenated into SQL queries using f-strings without validation or...

9.8CVSS5.8AI score0.00297EPSS
Exploits1References16
euvd
euvd
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20349

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.9AI score0.00102EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39671

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.9AI score0.00102EPSS
Exploits0References2
circl
circl
added 2026/03/26 7:16 p.m.6 views

CVE-2026-33536

creationtimestamp| type| source ---|---|--- 2026-03-26 19:16:15+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33536 2026-05-01 15:50:35+00:00| seen| https://vulnerability.circl.lu/bundle/63ae1405-3878-4622-935b-6ee96a75dc90...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References2
nvd
nvd
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS0.00133EPSS
Exploits0References1
atlassian
atlassian
added 2026/03/12 8:28 p.m.21 views

Path Traversal node-tar Dependency in Jira Software Data Center

This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...

8.8CVSS5.8AI score0.00233EPSS
Exploits1
nvd
nvd
added 2026/03/05 7:16 p.m.9 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS0.22162EPSS
Exploits13References1
euvd
euvd
added 2026/02/25 3:31 p.m.7 views

EUVD-2026-8658

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References8
cgr
cgr
added 2026/02/25 1:17 p.m.14 views

GHSA-WX95-C6CV-8532 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, ruby3.3-rails...

6.1AI score
Exploits0
osv
osv
added 2026/02/25 6:16 a.m.7 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/25 3:8 a.m.5 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References6
cvelist
cvelist
added 2026/02/25 3:8 a.m.30 views

CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS0.00761EPSS
Exploits0References5
Rows per page
Query Builder