Lucene search
K

740 matches found

Nuclei
Nuclei
added yesterday15 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS5.8AI score0.01443EPSS
Exploits1References4
CVE
CVE
added last week10 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux - Vulnerability in libjdom1-java, libjdom2-java

A XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...

7.5CVSS6.4AI score0.19442EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...

5.5CVSS5AI score0.00219EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-39568

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS0.00423EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2026-37699

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-36901

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49519

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 9:3 p.m.9 views

EUVD-2026-36596

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...

7.1CVSS5.1AI score0.00123EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/12 7:6 p.m.5 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...

6.4CVSS5.2AI score0.00155EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42611

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...

8.9CVSS5.4AI score0.003EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/02 10:50 p.m.38 views

CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 10:50 p.m.9 views

EUVD-2026-34050

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:2 p.m.28 views

CVE-2026-49491 Pixa Bank 2.0 SQL Injection via agence-ajax.php API

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS0.00344EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:0 p.m.10 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00318EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:5 p.m.18 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References2
Rows per page
Query Builder