327 matches found

AlpineLinux
added 3 days ago, 4 views

CVE-2026-58374

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...

7.1 CVSS, 5.7 AI score, 0.00282 EPSS
Exploits: 0, References: 5

NVD
added 2026/06/26 3:16 p.m., 5 views

CVE-2026-57323

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

5.8 CVSS, 0.00228 EPSS
Exploits: 0, References: 1

EUVD
added 2026/06/24 6:49 a.m., 9 views

EUVD-2026-38714

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8 CVSS, 5.9 AI score, 0.00499 EPSS
Exploits: 0, References: 10

EUVD
added 2026/06/23 6:31 p.m., 7 views

EUVD-2025-210321

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

5.9 AI score, 0.00482 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/23 6:31 p.m., 6 views

EUVD-2025-210315

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 5.9 AI score, 0.00482 EPSS
Exploits: 0, References: 2

OSV
added 2026/06/23 6:17 p.m., 3 views

DEBIAN-CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1 CVSS, 6.5 AI score, 0.00399 EPSS
Exploits: 1, References: 1

OSV
added 2026/06/23 6:17 p.m., 4 views

DEBIAN-CVE-2025-61024

An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits: 0, References: 1

AlpineLinux
added 2026/06/23 5:55 p.m., 5 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4 CVSS, 5.9 AI score, 0.00144 EPSS
Exploits: 1

CVE
added 2026/06/23 5:52 p.m., 9 views

CVE-2026-52845

Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...

8.1 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2026/06/23 5:47 p.m., 24 views

CVE-2026-52846

Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...

4.2 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 1, References: 1, Affected Software: 1

Debian CVE
added 2026/06/23 5:47 p.m., 5 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 1

NVD
added 2026/06/23 5:16 p.m., 5 views

CVE-2025-61025

An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 0.0035 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/23 5:16 p.m., 8 views

CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 0.00482 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/06/23 12:0 a.m., 32 views

CVE-2025-61023

An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

0.00482 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/23 12:0 a.m., 36 views

CVE-2025-61022

An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

0.0035 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service (DOS) vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

7.5 CVSS, 6.8 AI score, 0.01385 EPSS
Exploits: 1, References: 2

CVE
added 2026/06/17 9:50 a.m., 8 views

CVE-2025-58954

CVE-2025-58954 affects the WordPress Theme HomeRoofer (

8.1 CVSS, 5.2 AI score, 0.00423 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/15 9:17 p.m., 11 views

CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

6.5 CVSS, 0.00191 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/15 9:16 p.m., 5 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5 CVSS, 0.00251 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/15 8:18 p.m., 19 views

CVE-2026-40762

The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL

7.5 CVSS, 5.7 AI score, 0.00251 EPSS
Exploits: 0, References: 1