120 matches found

EUVD
added 6 days ago, 4 views

EUVD-2026-39778

Mattermost Plugins versions <=11.6, 10.18.11, 11.3.6, 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

CVSS 6.8 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 2
Vulnrichment
added 2026/06/18 12:11 a.m., 13 views

CVE-2026-12569 Remote Code Execution (RCE) vulnerability in Windchill PDMlink

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions. The identified vulnerability also impacts Windchill and...

CVSS 9.3 | AI score 6.3 | EPSS 0.01106
Exploits 0 | References 1
EUVD
added 2026/06/15 9:30 p.m., 7 views

EUVD-2026-36990

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits 0 | References 2
RedhatCVE
added 2026/06/05 7:29 p.m., 9 views

CVE-2026-2988

The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.7 | EPSS 0.00205
Exploits 0 | References 1
CVE
added 2026/05/27 1:10 p.m., 19 views

CVE-2026-6053

IBM Db2 is affected by CVE-2026-6053: denial of service when a specially crafted query runs against range-partitioned tables. Affected: Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.4. CVSS v3.1 base score 5.5 (LOCAL attack, low complexity, high impact on availability). Root cause: CWE-770 (unbounded ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00098
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/05/12 10:24 p.m., 8 views

CVE-2026-1250 Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits 0 | References 2
Vulnrichment
added 2026/05/12 11:02 a.m., 10 views

CVE-2026-45218 WordPress WP Travel plugin <= 11.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a through <= 11.4.0...

CVSS 7.7 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 1
Patchstack
added 2026/04/23 9:45 a.m., 7 views

WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Jakub Herman in WordPress Plugin Quiz And Survey Master versions <= 11.0.0...

AI score 5.1 | EPSS 0.00175
Exploits 0 | Affected Software 1
Atlassian
added 2026/04/08 10:29 p.m., 22 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Service Management Data Center

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE (Remote Code Execution) vulnerability was introduced in versions 11.3.3 of Jira Service Management Data...

CVSS 9.8 | AI score 7.5 | EPSS 0.99615
Exploits 7
CNNVD
added 2026/04/03 12:00 a.m., 11 views

MariaDB Server security vulnerability

MariaDB Server is an open-source relational database system developed by MariaDB. Vulnerabilities existed in versions prior to 11.4.10, as well as in versions 11.5.x to 11.8.x, up to 11.8.6, and 12.x up to 12.2.2. These vulnerabilities were due to a buffer overflow in the cachingsha2password...

CVSS 6.5 | AI score 6 | EPSS 0.00256
Exploits 0 | References 1
CNNVD
added 2026/03/30 12:00 a.m., 11 views

Botan data forgery vulnerability

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 3.0.0 to 3.11.0 had a data manipulation vulnerability, which stemmed from the lack of signature verification for OCSP responses during the X509 path validation process...

CVSS 5.9 | AI score 5.7 | EPSS 0.00154
Exploits 0 | References 1
Github Security Blog
added 2026/03/26 6:31 p.m., 5 views

Mattermost doesn't set permissions on downloaded bulk export

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export, which allows other local users on the server to read the contents of the bulk export. Mattermost Advisory ID: MMSA-2026-00593...

CVSS 5.5 | AI score 5.8 | EPSS 0.00127
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/03/26 4:19 p.m., 26 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

Mattermost Plugins versions <=11.4, 11.0.4, 11.1.3, 11.3.2, 10.11.11.0 fail to validate incoming request size, which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...

CVSS 4.9 | EPSS 0.00344
Exploits 0 | References 1
CNNVD
added 2026/03/23 12:00 a.m., 8 views

jsrsasign security vulnerability

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...

CVSS 9.3 | AI score 5.8 | EPSS 0.00476
Exploits 1 | References 5
Cvelist
added 2026/03/17 11:16 p.m., 31 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | EPSS 0.00292
Exploits 0 | References 1
OSV
added 2026/02/16 10:16 a.m., 5 views

CVE-2026-0999

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions, which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

CVSS 4.3 | AI score 5.5
Exploits 0 | References 1
RedhatCVE
added 2026/01/24 3:18 p.m., 9 views

CVE-2026-24568

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 11.1.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00214
Exploits 0 | References 1
Cvelist
added 2026/01/23 2:28 p.m., 29 views

CVE-2026-24568 WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 11.1.0...

CVSS 5.3 | EPSS 0.00214
Exploits 0 | References 1
Positive Technologies
added 2026/01/23 12:00 a.m., 5 views

PT-2026-4410

Name of the Vulnerable Software and Affected Versions: WP Travel versions through 11.0.0. Description: An authorization issue exists in WP Travel. The vulnerability allows exploitation of incorrectly configured access control security levels. Recommendations: Update WP Travel to a version later than...

AI score 5.3 | EPSS 0.00214
Exploits 0 | References 3
Vulnrichment
added 2026/01/15 4:25 p.m., 4 views

CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

CVSS 7.5 | AI score 7.6 | EPSS 0.00436
Exploits 1 | References 1