
64 matches found

EUVD
added 5 days ago, 5 views

EUVD-2026-39712

Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...

CVSS 9.9 | AI score 5.8 | EPSS 0.00362
Exploits 0 | References 1
Cvelist
added 2026/06/16 9:38 p.m., 22 views

CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

CVSS 4.8 | EPSS 0.0017
Exploits 0 | References 4
Patchstack
added 2026/06/16 6:59 p.m., 4 views

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

CVSS 7.7 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/06/16 12:00 a.m., 14 views

PT-2026-50169

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.24.0. Description: An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers. This allows for reflected Cross-Site...

CVSS 7.6 | AI score 5.9 | EPSS 0.00177
Exploits 0 | References 6
Vulnrichment
added 2026/06/02 9:43 a.m., 11 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 1
Cvelist
added 2026/06/02 9:43 a.m., 42 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

CVSS 9.8 | EPSS 0.00275
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:00 a.m., 7 views

WordPress plugin Masteriyo LMS PRO security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 9.8 | AI score 5.5 | EPSS 0.00275
Exploits 0 | References 1
CNNVD
added 2026/05/29 12:00 a.m., 8 views

WikidForum cross-site scripting vulnerability

WikidForum is an open-source web-based forum management system developed by WikidForum. Version 2.20 of WikidForum has a cross-site scripting vulnerability. This vulnerability stems from the use of the replytext parameter to submit specially crafted HTML. As a result, authenticated attackers may...

CVSS 5.4 | AI score 5.7 | EPSS 0.00215
Exploits 0 | References 4
OSV
added 2026/04/14 4:34 p.m., 3 views

OPENSUSE-SU-2026:20579-1 Security update for gosec

This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...

CVSS 8.7 | AI score 5.9 | EPSS 0.0038
Exploits 0 | References 1
EUVD
added 2026/04/02 5:50 p.m., 4 views

EUVD-2026-18462

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

CVSS 6.9 | AI score 5.8 | EPSS 0.00189
Exploits 0 | References 4
ATTACKERKB
added 2026/04/02 4:41 p.m., 6 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

CVSS 5.3 | AI score 5.7 | EPSS 0.0043
Exploits 0 | References 2 | Affected Software 1
NVD
added 2026/03/22 2:16 p.m., 2 views

CVE-2019-25603

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address...

CVSS 8.6 | EPSS 0.00185
Exploits 0 | References 4
ATTACKERKB
added 2026/03/16 7:32 a.m., 3 views

CVE-2026-4225

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

CVSS 4.8 | AI score 4 | EPSS 0.00206
Exploits 0 | References 4
CNNVD
added 2026/02/21 12:00 a.m., 9 views

Lobster security vulnerability

Lobster is a programming language developed by Wouter van Oortmerssen. Versions of Lobster prior to 2.25 contain security vulnerabilities, which stem from uncontrolled recursion in the lobster::TypeName function...

CVSS 5.5 | AI score 5.8 | EPSS 0.0018
Exploits 1 | References 10
CNNVD
added 2026/02/18 12:00 a.m., 6 views

IPFire cross-site scripting vulnerability

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the MAXDISKUSAGE or...

CVSS 6.1 | AI score 5.6 | EPSS 0.00242
Exploits 1 | References 4
Fedora
added 2026/02/11 1:00 a.m., 5 views

[SECURITY] Fedora 42 Update: rust-onefetch-2.26.1-7.fc42

Command-line Git information tool...

CVSS 7.5 | AI score 5.4 | EPSS 0.00443
Exploits 1
NVD
added 2026/02/09 8:15 p.m., 5 views

CVE-2026-25478

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

CVSS 7.4 | EPSS 0.00383
Exploits 1 | References 4
CVE
added 2026/02/09 6:48 p.m., 15 views

CVE-2026-25479

Litestar is an ASGI framework. Prior to 2.20.0, litestar.middleware.allowed_hosts compiles allowlist entries into regex patterns in a way that lets regex metacharacters retain special meaning (e.g., . matches any character). This can enable a bypass where a host that matches the regex is not the ...

CVSS 6.5 | AI score 5.5 | EPSS 0.00316
Exploits 1 | References 4 | Affected Software 1
Positive Technologies
added 2026/02/09 12:00 a.m., 6 views

PT-2026-7135

Name of the Vulnerable Software and Affected Versions: Litestar versions prior to 2.20.0. Description: Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.20.0, the CORS origin validation process can be bypassed. This occurs because the allowed-origins allowlist i...

CVSS 7.4 | AI score 5.3 | EPSS 0.00383
Exploits 1 | References 12
CNNVD
added 2026/02/09 12:00 a.m., 7 views

Litestar security vulnerability

Litestar is a powerful, flexible, yet stubbornly opinionated ASGI framework developed by Litestar itself. Versions of Litestar prior to 2.20.0 contained security vulnerabilities, which stemmed from improper compilation of allowlist entries, potentially allowing bypasses of hostname verification...

CVSS 6.5 | AI score 5.8 | EPSS 0.00316
Exploits 1 | References 5