
35 matches found

CVE
added 3 days ago | 10 views

CVE-2026-57747

CVE-2026-57747 is an unauthenticated CSRF vulnerability in the WordPress Booked plugin

CVSS 6.5 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/25 8:44 a.m. | 6 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

CVSS 2 | AI score 5.9 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/06/17 6:11 p.m. | 13 views

EUVD-2026-36728

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...

CVSS 7.5 | AI score 5.2 | EPSS 0.00278
Exploits: 0 | References: 3
CVE
added 2026/06/15 1:56 p.m. | 232 views

CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

CVSS 7.5 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/26 5:43 a.m. | 10 views

WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Theme Brikk versions <= 3.0.0...

AI score 5.8 | EPSS 0.00407
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/02/21 7:30 p.m. | 5 views

CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LottieFiles: from n/a through <= 3.0.0...

CVSS 7.3 | AI score 5.5 | EPSS 0.00588
Exploits: 0 | References: 1
Patchstack
added 2026/01/06 11:17 p.m. | 10 views

WordPress Viitor Button Shortcodes plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Viitor Button Shortcodes versions <= 3.0.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/01/01 10:6 a.m. | 5 views

WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hope versions <= 3.0.0...

CVSS 8.1 | AI score 7.1 | EPSS 0.00412
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2025/12/28 12:0 a.m. | 7 views

PT-2025-53650

Name of the Vulnerable Software and Affected Versions: joey-zhou xiaozhi-esp32-server-java versions up to 3.0.0 Description: A flaw exists in the Cookie Handler component’s tryAuthenticateWithCookies function within the AuthenticationInterceptor.java file. Manipulation of this function can result i...

CVSS 6.5 | AI score 6.4 | EPSS 0.00289
Exploits: 0 | References: 11
Github Security Blog
added 2025/12/12 9:31 p.m. | 8 views

Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

CVSS 8.6 | AI score 6.8 | EPSS 0.00281
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/12/12 7:29 p.m. | 3 views

CVE-2025-8083 Vuetify Prototype Pollution via Preset options

The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html) due to the internal 'mergeDeep' utility function used to merge options with...

CVSS 8.6 | AI score 6.4 | EPSS 0.00281
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/13 12:0 a.m. | 7 views

PT-2025-46798

Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery. This issue affects Auto Prune Posts: from n/a through <= 3.0.0...

AI score 6.9 | EPSS 0.00116
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/24 2:33 p.m. | 5 views

CVE-2025-60220

Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation. This issue affects CouponXxL: from n/a through <= 3.0.0...

CVSS 9.8 | AI score 7 | EPSS 0.00412
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-21089

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00338
Exploits: 0 | References: 2
Patchstack
added 2025/10/06 11:33 a.m. | 8 views

WordPress Table Block by RioVizual plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin Table Block by RioVizual versions <= 3.0.0...

CVSS 8.8 | AI score 7 | EPSS 0.00218
Exploits: 0 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-30464

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00531
Exploits: 0 | References: 1
OSV
added 2025/09/25 4:15 p.m. | 5 views

CVE-2025-10953

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has...

CVSS 8.7 | AI score 6.2 | EPSS 0.0441
Exploits: 1 | References: 6
Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-10005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The...

CVSS 7.5 | AI score 5 | EPSS 0.00946
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/20 7:26 a.m. | 3 views

CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

CVSS 5.5 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 2
Positive Technologies
added 2025/08/20 12:0 a.m. | 5 views

PT-2025-33906 · Mir · Mir

Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: Stored cross-site scripting in the web interface allows execution of arbitrary JavaScript code in a victim’s browser. Recommendations: Update MiR software to version 3.0.0 or later...

CVSS 5.5 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 5