Lucene search
K

2231 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS
Exploits0References3
NVD
NVD
added 10 hours ago7 views

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

7.5CVSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago4 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS8.1AI score0.11631EPSS
Exploits0References3
CVE
CVE
added 3 days ago14 views

CVE-2026-49955

Hermes WebUI vulnerable before version 0.51.270 to resource exhaustion via the passkey/options endpoint. Unauthenticated remote attackers can degrade availability by repeatedly posting to the authentication endpoint, causing unbounded growth of the challenge store and high CPU/disk I/O due to rep...

6.9CVSS5.5AI score0.00148EPSS
Exploits0References5
Patchstack
Patchstack
added 4 days ago5 views

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

6.4CVSS5.4AI score0.00042EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-47612

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...

5.3CVSS5.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-47611

Name of the Vulnerable Software and Affected Versions netty-transport-sctp versions prior to 4.1.135.Final netty-transport-sctp versions prior to 4.2.15.Final Description Netty is a network application framework for developing protocol servers and clients. A flaw exists where the handler processe...

7.5CVSS5.2AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.5 views

CVE-2025-46638

Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial of Service DoS...

7.5CVSS5.5AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.6 views

CVE-2026-5486

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS5.9AI score0.00048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.6 views

CVE-2026-45023

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...

5.4CVSS5.7AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.5 views

CVE-2026-2402

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...

6.9CVSS5.6AI score0.00066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.5 views

CVE-2026-40608

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS5.5AI score0.00017EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.5 views

CVE-2026-33756

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an...

7.5CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.5 views

CVE-2026-40586

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS5.5AI score0.00052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.5 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.6AI score0.00033EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:21 p.m.4 views

GHSA-5549-C5Q7-FJ65 Vantage6: No limit on emails sent for password/MFA reset

Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

2.1CVSS5.5AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/05 3:21 p.m.10 views

Vantage6: No limit on emails sent for password/MFA reset

Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

5.5AI score
Exploits0References4Affected Software1
Redos
Redos
added 2026/06/05 12:0 a.m.3 views

ROS-20260605-73-0044

The vulnerability in Tomcat10 is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS7.2AI score0.00069EPSS
Exploits0
Redos
Redos
added 2026/06/05 12:0 a.m.3 views

ROS-20260605-73-0045

The vulnerability in Tomcat11 is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS7.2AI score0.00069EPSS
Exploits0
EUVD
EUVD
added 2026/06/04 5:55 p.m.7 views

EUVD-2026-34316

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00049EPSS
Exploits0References3
Rows per page
Query Builder