Lucene search
+L

711 matches found

osv
osv
added 3 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root

Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
cve
cve
added 3 days ago7 views

CVE-2026-51105

CVE-2026-51105 affects aMULE-Project’s aMule 2.3.3. The root cause is a Buffer Overflow in the OP_SERVERMESSAGE Handler, enabling a remote attacker over the network with no user interaction to cause a denial of service. The CVSS indicates Network access, low complexity, no privileges, and a High ...

7.5CVSS6.1AI score0.00318EPSS
Exploits0References1
nvd
nvd
added 4 days ago3 views

CVE-2026-57391

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00168EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago25 views

CVE-2026-57391 WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00168EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago31 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

0.00379EPSS
Exploits0References2
cve
cve
added 6 days ago14 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
patchstack
patchstack
added last week6 views

WordPress WP Hotel Booking plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by 1M4 in WordPress Plugin WP Hotel Booking versions = 2.3.1...

6.1CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added last week9 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/09 11:30 p.m.11 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
patchstack
patchstack
added 2026/07/08 9:2 a.m.4 views

WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Loops & Logic versions = 4.2.3...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56578

Name of the Vulnerable Software and Affected Versions AsyncSSH versions prior to 2.23.1 Description AsyncSSH is a Python package providing an asynchronous client and server implementation of the SSHv2 protocol. A malicious SSH server can write arbitrary files on the SCP client's filesystem by...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References7
ossf
ossf
added 2026/07/03 11:50 p.m.10 views

Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References4
osv
osv
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-737 SSRF attacks via tracebacks in Plone

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

8.8CVSS5.9AI score0.01066EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/07/02 10:30 a.m.8 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References4
euvd
euvd
added 2026/07/02 10:30 a.m.11 views

EUVD-2026-41277

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
cve
cve
added 2026/07/01 2:25 p.m.20 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.8 views

PT-2026-55209

Name of the Vulnerable Software and Affected Versions Concourse versions prior to 8.2.3 Description An open redirect issue exists in the login flow. An attacker can craft a URL that redirects users from the Concourse web server to an external site, which could be utilized in phishing attacks to...

5.9AI score
Exploits0References6
euvd
euvd
added 2026/06/25 1:12 p.m.7 views

EUVD-2026-39365

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54821

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References2
Rows per page
Query Builder