Lucene search
K

65 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...

6.8CVSS5.9AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48576

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...

6AI score0.00657EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 9:16 a.m.16 views

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS0.01656EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/05 8:59 a.m.50 views

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS0.01656EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/05 8:59 a.m.14 views

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS5.4AI score0.01656EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/05 8:59 a.m.11 views

EUVD-2026-34792

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...

10CVSS5.5AI score0.01656EPSS
Exploits2References1
CVE
CVE
added 2026/06/05 8:59 a.m.58 views

CVE-2026-49777

CVE-2026-49777 (WordPress Product Slider Pro for WooCommerce

10CVSS5.4AI score0.01656EPSS
In wildExploits2References1
Cvelist
Cvelist
added 2026/06/03 1:31 p.m.40 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS0.00277EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.9 views

CVE-2026-35469 affecting package keda for versions less than 2.14.1-12

CVE-2026-35469 affecting package keda for versions less than 2.14.1-12. A patched version of the package is available...

8.7CVSS5.8AI score0.00656EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.11 views

SUSE CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 4:11 p.m.3 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6.1AI score0.00539EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/12 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-34480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize...

7.5CVSS5.8AI score0.0086EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6207

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00629EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-0208

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.04714EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-10812

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00384EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/09/30 6:11 p.m.10 views

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload

Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.bitbucketserver.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server...

7.5CVSS7AI score0.00549EPSS
Exploits1References5Affected Software3
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.6 views

PT-2025-39896

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 Vasion Print formerly PrinterLogic Application versions prior to 25.1.1413 Description A protection mechanism failure exists in the file get contents function...

8.5CVSS6.5AI score0.00554EPSS
Exploits1References8
OSV
OSV
added 2025/09/24 9:30 p.m.5 views

GHSA-G7WQ-WGGW-VMHG ts-fns has prototype pollution vulnerability

A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties int...

6.3CVSS6.4AI score0.004EPSS
Exploits0References4
OSV
OSV
added 2025/09/24 7:15 p.m.5 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

9.8CVSS7.4AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2025/09/24 6:30 p.m.5 views

GHSA-6XV4-9CQP-92RH messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

5.3CVSS7.1AI score0.0032EPSS
Exploits0References7
Rows per page
Query Builder