Lucene search
+L

238 matches found

EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2025-210361

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/26 1:57 p.m.8 views

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/23 5:18 p.m.4 views

CVE-2026-49411 Deno Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS6AI score0.00111EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 4:52 p.m.52 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 3:45 p.m.37 views

CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

6.9CVSS0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS0.00135EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6AI score0.00107EPSS
Exploits0
OSV
OSV
added 2026/06/19 2:56 a.m.2 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS5.9AI score0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2025-69107

Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:56 p.m.25 views

CVE-2025-69107 WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.10 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.14 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 3:6 p.m.11 views

WordPress RomanCart Ecommerce plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin RomanCart Ecommerce versions = 2.0.8...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.14 views

CVE-2026-5831

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

6.5CVSS6.1AI score0.0111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

libexpat 资源管理错误漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.2 contained a resource management vulnerability. This vulnerability stemmed from insufficient deep tracking during the processing of policy violations, where calls to functions such as...

5.9CVSS5.3AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44943

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 8:22 p.m.3 views

CVE-2026-42336 MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS6AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/26 5:42 a.m.12 views

WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosaleen versions = 2.8...

5.8AI score0.00435EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. All FreeRDP-based clients that use the /video command-line switch may read uninitialized data, interpret it as audio/video, and display the result. Server implementations based on FreeRDP are not affected by this issue. This issue has...

7.5CVSS6.1AI score0.00985EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 2:0 p.m.12 views

OESA-2026-2293 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder