Lucene search
+L

1212 matches found

cve
cve
added yesterday14 views

CVE-2026-45576

Summary: CVE-2026-45576 affects the zrok tool. From versions 0.4.23 through 2.0.3, the zrok2 copy command stores attacker-controlled WebDAV or zrok drive paths (e.g., /../outside.txt) in the source inventory and passes them to FilesystemTarget.WriteStream, enabling writing files outside the selec...

8.3CVSS6.1AI score0.00061EPSS
Exploits0References3
osv
osv
added 2 days ago5 views

JLSEC-2026-761

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.4AI score0.01098EPSS
Exploits0References5
nvd
nvd
added 4 days ago3 views

CVE-2026-57410

Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...

8.8CVSS0.00286EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago27 views

CVE-2026-57798 WordPress NewsPlus Shortcodes plugin <= 4.2.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...

7.5CVSS0.00496EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 1:49 p.m.7 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
patchstack
patchstack
added 2026/07/02 7:1 p.m.6 views

WordPress Zakra theme <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Zakra versions = 4.2.0...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 11:15 a.m.17 views

CVE-2026-57352

CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (

4.8CVSS5.8AI score0.0021EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 8:19 p.m.35 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00407EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 8:18 p.m.8 views

EUVD-2025-210379

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS5.8AI score0.0027EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 8:17 p.m.35 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
cve
cve
added 2026/06/30 8:12 p.m.14 views

CVE-2025-36336

CVE-2025-36336 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue is that data is transmitted in clear text, which an attacker could exploit via man-in-the-middle techniques to obtain sensitive information. The base metrics show a moderate network attack with...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.3AI score0.00405EPSS
Exploits1References6
nessus
nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It...

5.5CVSS6AI score0.00127EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/26 4:15 p.m.7 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/26 2:52 p.m.38 views

CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/26 8:28 a.m.8 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability

Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.12 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
nvd
nvd
added 2026/06/24 5:17 p.m.9 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.5CVSS0.00127EPSS
Exploits0References5
circl
circl
added 2026/06/24 4:7 p.m.6 views

CVE-2021-25149

creationtimestamp| type| source ---|---|--- 2026-06-24 16:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp2ccmccga2q...

9.8CVSS5.8AI score0.01634EPSS
Exploits0References1
cve
cve
added 2026/06/22 2:59 p.m.141 views

CVE-2026-53550

js-yaml vulnerability CVE-2026-53550 stems from the merge-key handling (&lt;&lt;) in lib/loader.js, causing quadratic parse-time DoS when processing crafted YAML with repeated aliases prior to version 4.2.0. Affected: js-yaml

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder