Lucene search
K

701 matches found

EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20144

Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through = 2.2.3...

5.9AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31073

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4CVSS6.1AI score0.00264EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31296

Name of the Vulnerable Software and Affected Versions WCAPF – WooCommerce Ajax Product Filter versions up to and including 4.2.3 Description The WooCommerce Ajax Product Filter plugin is susceptible to time-based SQL Injection through the post-author parameter. Insufficient input sanitization and...

7.5CVSS5.9AI score0.01473EPSS
Exploits0References11
NVD
NVD
added 2026/04/07 5:16 p.m.3 views

CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

7.5CVSS0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 7:50 a.m.28 views

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.4 views

CVE-2026-30878

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

5.3CVSS5.8AI score0.00382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.5 views

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...

9.8CVSS7AI score0.02059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.7 views

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

9.8CVSS7.1AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 12:30 a.m.34 views

CVE-2026-35056 XenForo Remote Code Execution via Authenticated Admin

XenForo before 2.3.9 and before 2.2.18 allows remote code execution RCE by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

8.6CVSS0.00666EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Xenforo 代码注入漏洞

Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 had a code injection vulnerability. This vulnerability stemmed from improper restrictions on methods that could be called within templates, allowing unauthorized method calls to occur...

9.8CVSS5.9AI score0.00333EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29414

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...

8.8CVSS5.9AI score0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/31 10:43 p.m.6 views

EUVD-2026-17265

baserCMS has OS command injection vulnerability in installer...

9.2CVSS7.1AI score0.02059EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 10:36 p.m.6 views

EUVD-2026-17261

baserCMS has Mail Form Acceptance Bypass via Public API...

5.3CVSS5.9AI score0.00382EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/31 10:35 p.m.7 views

EUVD-2026-17259

baserCMS Update Functionality Vulnerable to OS Command Injection...

9.1CVSS5.9AI score0.01516EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 10:35 p.m.7 views

EUVD-2026-17257

baserCMS has an SQL injection vulnerability in its blog post functionality...

6.9CVSS7.2AI score0.00412EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:22 p.m.2 views

CVE-2026-34556

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS5.9AI score0.00156EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:22 p.m.28 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS0.00156EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 10:15 p.m.5 views

EUVD-2026-17717

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in versio...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:9 p.m.10 views

CVE-2026-34548

iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 10:8 p.m.1 views

CVE-2026-34547 iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...

6.2CVSS5.7AI score0.00156EPSS
Exploits1References3
Rows per page
Query Builder