Lucene search
K

7 matches found

NVD
NVD
added yesterday6 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-23801

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...

8.1CVSS0.00504EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.10 views

PT-2026-6802

Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...

9.9CVSS5.8AI score0.34346EPSS
Exploits45References116
RedhatCVE
RedhatCVE
added 2025/10/01 4:23 a.m.12 views

CVE-2025-8608

The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.5 views

CVE-2021-4388

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestatesetfeatureproperty and opalestateremovefeatureproperty functions. This makes it possible for unauthenticated...

5.3CVSS5.9AI score0.0073EPSS
Exploits1References1
OSV
OSV
added 2023/12/19 10:15 p.m.5 views

CVE-2023-46624

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11...

6.1CVSS5.8AI score0.00414EPSS
Exploits0References1
OSV
OSV
added 2023/09/20 9:15 a.m.5 views

CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...

7.8CVSS5.9AI score0.00186EPSS
Exploits0References2
Rows per page
Query Builder