Lucene search
K

230 matches found

EUVD
EUVD
added 4 hours ago5 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score
Exploits0References6
Patchstack
Patchstack
added 5 days ago3 views

WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dunvu0 in WordPress Plugin Event Tickets versions = 5.28.5...

7.5CVSS6.1AI score
Exploits0Affected Software1
OSV
OSV
added 2026/07/03 1:33 p.m.4 views

MINI-28V3-CW2X-VH27

Bulletin has no description...

6.1CVSS5.9AI score0.00178EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:35 p.m.4 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/...

7.2CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.6 views

GHSA-28RC-F27X-5QWC vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/29 4:16 p.m.10 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 3:19 p.m.6 views

EUVD-2026-40126

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 5:34 a.m.6 views

EUVD-2025-210367

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 5:34 a.m.10 views

CVE-2025-0824

CVE-2025-0824 describes a vulnerability in the firmware update process of Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 (pre-DKCMAIN A3-04-21-40/00, pre-ESM A3-04-21/00) where input/firmware update validation is insufficient. The underlying issue is lack of validation for f...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 5:34 a.m.34 views

CVE-2025-0824 lack of validation for firmware update in Hitachi Virtual Storage

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS0.00083EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:34 a.m.6 views

CVE-2025-0824

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

6.5CVSS0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49451

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

6.5CVSS5.2AI score0.00345EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 7:49 a.m.29 views

CVE-2026-11616

The CVE pertains to the WordPress plugin Events Calendar for GeoDirectory, affected in versions up to and including 2.3.28. The root cause is an ajax_ayi_action() path that applies strip_tags(esc_sql()) without an allow-list to attacker-controlled POST values, forwarding them to update_ayi_data()...

8.8CVSS5.5AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-9661

OS command injection vulneravility in the management gui maintenance utility of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

9.8CVSS5.5AI score0.009EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 9:8 p.m.12 views

EUVD-2026-34330

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:57 p.m.10 views

EUVD-2026-34328

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:31 p.m.9 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder