Lucene search
K

1920 matches found

Nuclei
Nuclei
added 16 hours ago11 views

YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

7.2CVSS6.1AI score0.0101EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54699

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

9.6CVSS6.2AI score0.00479EPSS
Exploits0References456
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:22 p.m.4 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION: cryptography is a package...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score0.00161EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/26 12:0 a.m.11 views

Important: kernel-livepatch-6.1.168-202.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42410

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.2.2 Description The DHCAST128 UAM User Authentication Module uses a broken cryptographic algorithm. This allows a remote attacker to perform a cryptanalytic attack to obtain authentication credentials or...

7.4CVSS5.8AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42425

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.0 through 4.4.2 Description An integer underflow occurs in the volxlate function. This allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption by providing...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Assertion Failure (cve-2026-5946)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5946 advisory. - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN for...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41151

Name of the Vulnerable Software and Affected Versions go-billy versions prior to 5.9.0 Description Multiple path traversal issues exist across different components of the software due to insufficient path sanitization and boundary enforcement. This allows crafted paths, such as those using .., to...

8.8CVSS5.8AI score0.00781EPSS
Exploits1References231
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 6:27 p.m.14 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...

8.8CVSS6.8AI score0.05966EPSS
Exploits6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-40439

Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References8
ICS
ICS
added 2026/05/12 12:0 a.m.12 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...

5.5CVSS7.7AI score0.00439EPSS
Exploits0References10
ICS
ICS
added 2026/05/12 12:0 a.m.12 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected...

7.7CVSS8AI score0.00442EPSS
Exploits0References10
Amazon
Amazon
added 2026/05/09 12:0 a.m.16 views

Low: atop

Issue Overview: atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160 Affected Packages: atop...

2.9CVSS5.8AI score0.00192EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

Oracle Linux 10 : python-tornado (ELSA-2026-13641)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13641 advisory. 6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934 Tenable has extracted the preceding description block directly from the Oracle Linux security...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-37147

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description Several administrative operations within the preferences module are executed via GET requests without CSRF token validation. This allows an attacker to force an authenticated administrator to trigger...

3.5CVSS5.8AI score0.00117EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Debian dla-4525 : libyaml-syck-perl - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4525 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4525-1 [email protected]...

9.1CVSS6AI score0.00429EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33509

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An open source RDP server contains a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation. This occurs due to insufficient validation of client-controlled size...

10CVSS6.3AI score0.00583EPSS
Exploits0References19
ICS
ICS
added 2026/04/14 12:0 a.m.7 views

Siemens SCALANCE

SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...

9.1CVSS7.3AI score0.01318EPSS
Exploits0References10
Rows per page
Query Builder