Lucene search

36 matches found

CVE
added last week, 45 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

CVSS 9.4, AI score 6, EPSS 0.00334
Exploits 0, References 4, Affected Software 1
Circl
added 2026/05/11 6:0 a.m., 9 views

CVE-2026-8274

creationtimestamp | type | source
---|---|---
2026-05-11 06:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116554414807477280
2026-05-11 06:00:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlklvhdkzv23
2026-05-11 07:01:13+00:00 | seen |...

CVSS 5.3, AI score 6, EPSS 0.00173
Exploits 0, References 3
OSV
added 2026/05/01 5:50 p.m., 5 views

JLSEC-2026-379

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9, AI score 7.1, EPSS 0.0017
Exploits 0, References 1
Circl
added 2026/04/14 1:10 p.m., 2 views

CVE-2026-27456

creationtimestamp | type | source
---|---|---
2026-04-14 13:10:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mjhhcqfm6j26
2026-06-03 23:46:41+00:00 | seen | https://gist.github.com/C4sh3R/1f99346b1086e7d358ff1be8f5be7a42...

CVSS 4.7, AI score 5.7, EPSS 0.00118
Exploits 1, References 2
ATTACKERKB
added 2026/03/23 8:15 p.m., 5 views

CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS 6.5, AI score 6.3, EPSS 0.00192
Exploits 0, References 8, Affected Software 1
Positive Technologies
added 2026/03/20 12:0 a.m., 7 views

PT-2026-26639

Name of the Vulnerable Software and Affected Versions: QVR Pro versions prior to 2.7.4.14
Description: QVR Pro is affected by a missing authentication check for critical functions, allowing remote attackers to gain access to the system. The issue allows attackers to bypass authentication and access...

CVSS 9.8, AI score 7.5, EPSS 0.00683
Exploits 0, References 10
OPENSUSE Linux
added 2026/02/05 12:0 a.m., 3 views

expat-2.7.4-1.1 on GA media (moderate)

expat-2.7.4-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10144-1
Rating: moderate
Cross-References: CVE-2026-24515 CVE-2026-25210
CVSS scores:
CVE-2026-24515 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2026-24515 SUSE : 6.8...

CVSS 7.3, AI score 5.4, EPSS 0.00193
Exploits 0
Debian CVE
added 2026/01/23 7:46 a.m., 5 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9, AI score 7.8, EPSS 0.0017
Exploits 0
Positive Technologies
added 2026/01/22 12:0 a.m., 7 views

PT-2026-4076

Name of the Vulnerable Software and Affected Versions: Ninja Team GDPR CCPA Compliance Support versions through 2.7.4
Description: A missing authorization issue exists in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance, allowing exploitation of incorrectly configured access control...

AI score 5.3, EPSS 0.00269
Exploits 0, References 3
CNNVD
added 2025/10/22 12:0 a.m., 2 views

WordPress plugin WP Abstracts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.5, AI score 6.7, EPSS 0.0042
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-30574

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.0019
Exploits 0, References 2
RedhatCVE
added 2025/09/24 6:31 p.m., 4 views

CVE-2025-58231

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS. This issue affects Bitly: from n/a through = 2.8.0...

CVSS 6.5, AI score 5.9, EPSS 0.0019
Exploits 0, References 1
CNNVD
added 2025/09/22 12:0 a.m., 2 views

WordPress plugin Bitly cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 6.5, AI score 5.8, EPSS 0.0019
Exploits 0, References 1
OSV
added 2025/08/04 7:58 p.m., 6 views

CLSA-2025-1754337533 Update of nss

update to CKBI 2.74 from NSS 3.110
- updated certificates:
  - Certificate "Entrust.net Premium 2048 Secure Server CA"
  - Certificate "Entrust Root Certification Authority"
  - Certificate "AffirmTrust Commercial"
  - Certificate "AffirmTrust Networking"
  - Certificate "AffirmTrust Premium"
  - Certificate...

AI score 5.8
Exploits 0, References 1
RedhatCVE
added 2025/05/23 5:52 a.m., 5 views

CVE-2023-22055

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 6.1, AI score 5.5, EPSS 0.00327
Exploits 0, References 1
RedhatCVE
added 2025/05/23 5:17 a.m., 8 views

CVE-2023-38382

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4...

CVSS 9.8, AI score 8.9, EPSS 0.00585
Exploits 1, References 1
RedhatCVE
added 2025/05/22 6:34 p.m., 6 views

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...

CVSS 9.1, AI score 6.8, EPSS 0.01199
Exploits 0, References 1
CNNVD
added 2025/05/07 12:0 a.m., 2 views

WordPress plugin Widget Countdown cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5, AI score 6.7, EPSS 0.00215
Exploits 0, References 1
Patchstack
added 2025/03/04 1:1 a.m., 3 views

WordPress WP Click Info plugin <= 2.7.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Click Info versions = 2.7.4...

CVSS 7.1, AI score 6.4, EPSS 0.00253
Exploits 1, References 1, Affected Software 1
Patchstack
added 2024/11/07 10:41 p.m., 4 views

WordPress myCred plugin <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions = 2.7.4...

CVSS 6.4, AI score 5.7, EPSS 0.00314
Exploits 0, References 1, Affected Software 1