Lucene search
+L

12 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References5
CVE
CVE
added 3 days ago15 views

CVE-2026-49477

Soup Sieve (CSS selector engine used by Beautiful Soup 4) Before 2.8.4 contains a regular-expression backtracking bug in soupsieve/css_parser.py (VALUE pattern) that enables catastrophic backtracking on unterminated quoted attribute values, causing CPU exhaustion and potential DoS when compiling ...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/01 9:14 a.m.8 views

WordPress XT Floating Cart for WooCommerce plugin <= 2.8.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Floating Cart for WooCommerce versions = 2.8.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20281

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 1:5 a.m.8 views

CVE-2022-28444

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability...

7.5CVSS7.4AI score0.01505EPSS
Exploits1References1
OSV
OSV
added 2025/03/30 6:15 a.m.8 views

AZL-59334 CVE-2025-1734 affecting package php for versions less than 8.3.19-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

6.3CVSS6.7AI score0.00481EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.5 views

PT-2025-2473 · WordPress · Wp Mobile Menu

Name of the Vulnerable Software and Affected Versions: WP Mobile Menu versions n/a through 2.8.4.3 Description: A Cross-Site Request Forgery CSRF issue affects the WP Mobile Menu, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For...

4.3CVSS7AI score0.0018EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.4 views

WordPress plugin Crayon Syntax Highlighter Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

6.4CVSS7.1AI score0.00316EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.5 views

WordPress plugin Welcart e-Commerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00468EPSS
Exploits2References2
Debian CVE
Debian CVE
added 2022/12/06 12:0 a.m.3 views

CVE-2022-41910

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...

9.1CVSS6.9AI score0.00401EPSS
Exploits0
Circl
Circl
added 2022/04/22 12:33 a.m.5 views

CVE-2022-28438

creationtimestamp| type| source ---|---|--- 2022-04-22 00:33:09+00:00| seen| https://t.me/cibsecurity/41287...

9.8CVSS8.7AI score0.0122EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.10 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities exist in the lynx-2.8.4 package of the Red Hat Enterprise Linux operating system. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS7.1AI score0.0506EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder