Lucene search
K

574 matches found

Cvelist
Cvelist
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...

6.5CVSS0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31441

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References3
CVE
CVE
added 2026/04/07 8:57 a.m.12 views

CVE-2026-34903

The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as a Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...

5.4CVSS5.9AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.9 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1CVSS5.9AI score0.00216EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 p.m.6 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1CVSS0.00216EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/31 9:16 p.m.23 views

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1CVSS0.00216EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/31 9:16 p.m.11 views

EUVD-2026-17670

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1CVSS5.9AI score0.00216EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 9:16 p.m.4 views

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1CVSS6AI score0.00216EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:16 p.m.18 views

CVE-2026-34405

Summary: CVE-2026-34405 affects Nuxt OG Image. The vulnerable component (image-generation) is served at the URI /_og/d/ (and historically /og-image/) and can inject arbitrary HTML body attributes due to a flaw in Nuxt OG Image before version 6.2.5. Affected versions: prior to 6.2.5. Impact: poten...

6.1CVSS5.9AI score0.00216EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/31 9:16 p.m.7 views

EUVD-2026-17668

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 9:16 p.m.24 views

CVE-2026-34404 Nuxt OG Image vulnerable to DoS via image generation

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

6.9CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 9:16 p.m.16 views

CVE-2026-34404

CVE-2026-34404 affects Nuxt OG Image. The vulnerability is in the image-generation component accessed via /_og/d/ (and older /og-image/), where unbounded width/height parameters allow a Denial of Service. Affected versions prior to 6.2.5 are exploitable; the issue has been patched in version 6.2....

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.6 views

RHEL 9 : python3.11 (RHSA-2026:6253)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6253 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6CVSS7.1AI score0.0056EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.13 views

PT-2026-29371

Name of the Vulnerable Software and Affected Versions Nuxt OG Image versions prior to 6.2.5 Description The Nuxt OG Image package contains a flaw in the image-generation component accessible via the API endpoint / og/d/ and /og-image/ in older versions. This issue allows for the injection of...

6.1CVSS5.9AI score0.00216EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/28 12:30 p.m.4 views

EUVD-2025-209112

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

7CVSS5.9AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/27 9:23 p.m.4 views

EUVD-2026-16870

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
CVE
CVE
added 2026/03/26 9:42 p.m.22 views

CVE-2026-33674

PrestaShop versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. The issue is addressed by a fix in 8.2.5 and 9.1.0; no public workarounds are listed. Upgrading to 8.2.5, 9.1.0, or newer versions is recommended. The available documents do not provide exploit details or in-the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 9:42 p.m.4 views

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

2CVSS5.9AI score0.00237EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:41 p.m.3 views

CVE-2026-33673

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

7.6CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder