Lucene search
K

2315 matches found

Nuclei
Nuclei
added yesterday9 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS7.1AI score0.0074EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2026-59873

CVE-2026-59873 affects node-tar (Node.js) prior to v7.5.19. The issue arises because the library did not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction/parsing code (e.g., src/extract.ts), enabling a crafted gzip input to cause resource ex...

9.2CVSS5.9AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-43927

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 4 days ago5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 12:0 a.m.3 views

UBUNTU-CVE-2026-54886

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 9:16 p.m.12 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

7.5CVSS0.00451EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/02 4:6 p.m.12 views

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6AI score0.0033EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 5:3 p.m.73 views

CVE-2026-54428

The CVE concerns Apache HttpComponents Core HPACK decoder: on HTTP/2, the HPACK decoder may allocate resources without limits or throttling, allowing a remote attacker to cause memory exhaustion and denial of service. Affected versions are 5.4.2 and earlier, and 5.5-beta1 and earlier. The issue o...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/01 1:17 p.m.5 views

CVE-2026-53904

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, furthermore, password resets are not limited in any way. An attacker who...

7.1CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.18 views

CVE-2026-53904

CVE-2026-53904 affects MCO; vulnerability is an Account Denial of Service due to improper password-reset implementation. The description across sources states that every reset request invalidates the current password and any issued temporary passwords, with no limits on reset requests. An attacke...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54830

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Account Denial of Service occurs due to the improper implementation of the password reset functionality. Each request to reset a password invalidates the current password and any previously issued temporary...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.36 views

CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.8 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:24 p.m.8 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:24 p.m.6 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6AI score0.00656EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/06/26 6:39 a.m.10 views

K000161920: Node.js vulnerability CVE-2026-48619

Security Advisory Description A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26. CVE-2026-48619 Impa...

7.5CVSS6.3AI score0.00656EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.3CVSS0.00656EPSS
Exploits0References1
Rows per page
Query Builder