Lucene search
K

447549 matches found

RedHat Linux
RedHat Linux
added 2 hours ago5 views

Important: Red Hat Security Advisory: nginx:1.24 security, bug fix, and enhancement update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.9AI score0.02838EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 3 hours ago5 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

7.8CVSS7AI score0.00165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 3 hours ago4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.47 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

7.8CVSS6.8AI score0.00353EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 3 hours ago2 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.8CVSS7AI score0.00165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 3 hours ago3 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.8CVSS7AI score0.00165EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 5 hours ago6 views

Important: Red Hat Security Advisory: RHACS 4.10.5 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.00813EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 6 hours ago3 views

Important: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.2AI score0.00549EPSS
Exploits0References3
CVE
CVE
added 7 hours ago6 views

CVE-2026-14500

The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (

5.3CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-42175

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added 7 hours ago8 views

CVE-2026-9731

The CVE concerns the WordPress plugin Wp Js Detect (versions up to 1.0.9). Affected component: plugin_settings in the plugin, where missing/incorrect nonce validation enables a Cross-Site Request Forgery (CSRF) . Unauthenticated attackers could forge requests to update the plugin’s settings (wp_n...

4.3CVSS5.9AI score
Exploits0References5
Nuclei
Nuclei
added 7 hours ago391 views

Magento - SQL Injection

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. id: CVE-2019-7139 info: name: Magento - SQL Injection author: MaStErChO severity: critical description: | An unauthenticated user can execute SQL...

9.8CVSS7.4AI score0.1545EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago15 views

PublishPress Capabilities < 2.3.1 - Missing Authorization

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...

9.8CVSS7.3AI score0.06745EPSS
Exploits2References4
Nuclei
Nuclei
added 7 hours ago23 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago19 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS6AI score0.01158EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago362 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.4AI score0.84967EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago7 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS5.9AI score0.00669EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago22 views

Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Popup4Phone WordPress plugin through 1.3.2 contains a reflected cross-site scripting caused by unsanitized parameters, letting unauthenticated users execute scripts in admin browsers, exploit requires sending crafted requests. id: CVE-2024-3231 info: name: Popup4Phone = 1.3.2 - Unauthenticated...

6.1CVSS5.8AI score0.00684EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago41 views

Jinher OA - SQL Injection

jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...

9.8CVSS6.5AI score0.03559EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago10 views

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection

The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

7.5CVSS7.1AI score0.02221EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago10 views

Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

8.8CVSS7.4AI score0.03135EPSS
Exploits0References3
Rows per page
Query Builder