Lucene search
K

506 matches found

NVD
NVD
added 5 hours ago4 views

CVE-2026-57803

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-57745 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

7.1CVSS
Exploits0References1
CVE
CVE
added 7 hours ago11 views

CVE-2026-57745

CVE-2026-57745 concerns a Reflected Cross-Site Scripting vulnerability in the WordPress RT-Theme 18 Extensions (rt18-extensions) plugin, affecting version &lt;= 2.5. The issue is described as improper neutralization of input during web page generation, enabling reflected XSS. Affected product/com...

7.1CVSS6.1AI score
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 2:10 p.m.4 views

WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin RT-Theme 18 | Extensions versions = 2.5...

8.1CVSS5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:55 p.m.5 views

WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin RT-Theme 18 | Extensions versions = 2.5...

7.1CVSS5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 3:24 p.m.7 views

WordPress Struktur Core plugin <= 2.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Struktur Core versions = 2.5.1...

7.5CVSS5.9AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 3:47 p.m.7 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54832

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:16 p.m.8 views

WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.2...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/25 6:52 p.m.6 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:23 p.m.8 views

WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mxym in WordPress Plugin Gutenverse Companion versions = 2.5.0...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/16 9:17 p.m.24 views

CVE-2026-48055

Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...

10CVSS5.4AI score0.00621EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36855

Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:7 a.m.20 views

RHSA-2026:24761 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

Bulletin has no description...

7.8CVSS6.3AI score0.02907EPSS
Exploits10References112
EUVD
EUVD
added 2026/06/08 12:6 p.m.12 views

EUVD-2026-35053

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/06 4:28 a.m.9 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-41498

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...

3.3CVSS5.4AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5998

A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. Th...

6.9CVSS5.4AI score0.00632EPSS
Exploits0References1
Rows per page
Query Builder