Lucene search
K

269 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-48055

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

10CVSS0.00621EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 1:26 a.m.35 views

CVE-2026-6565 Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 11:45 p.m.6 views

CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/07 10:16 p.m.11 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...

9.1CVSS5.9AI score0.00495EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 9:36 a.m.5 views

CVE-2026-22324 WordPress Melania theme <= 2.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Melania melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through = 2.5.0...

8.1CVSS5.8AI score0.00466EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/03 12:20 p.m.5 views

WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solaris versions = 2.5...

9.8CVSS6AI score0.0051EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/24 3:34 p.m.11 views

CVE-2025-47904

CVE-2025-47904 affects Microchip Time Provider 4100. Root cause: missing integrity check during code download allows a malicious manual software update. Affected: Time Provider 4100 before version 2.5. Impact (per sources): potential compromise of software integrity and related systems during upg...

5.7CVSS5.4AI score0.00082EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.7 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

9.9CVSS5.7AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 5:16 p.m.9 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

9.9CVSS0.0049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 5:48 p.m.3 views

CVE-2026-2361 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

8CVSS5.7AI score0.00277EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.2 views

CVE-2025-49055 WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through = 2.5...

9.3CVSS5.9AI score0.00372EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : ruby:2.5 (AXSA:2022-3066:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3066:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding...

9.3CVSS7.3AI score0.06307EPSS
Exploits1References2
OSV
OSV
added 2026/01/14 10:38 a.m.9 views

RHSA-2026:0361 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update

Bulletin has no description...

8.5CVSS6.9AI score0.00389EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : ruby:2.5 (AXSA:2025-9949:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9949:01 advisory. oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler: unexpected code...

9.8CVSS7.8AI score0.10539EPSS
Exploits4References3
OSV
OSV
added 2026/01/03 11:47 a.m.6 views

BIT-PYTORCH-2025-63396

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS...

3.3CVSS6.8AI score0.00121EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

Meshtastic 安全漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a degradation attack path in the absence of PKI cryptographic flags, and could lead to an...

5.3CVSS5.7AI score0.00191EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/12/09 7:28 a.m.8 views

WordPress Trust.Reviews plugin <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability

Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability discovered by Kishan Vyas in WordPress Plugin Trust.Reviews versions = 2.5...

7.2CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

WordPress plugin Social Reviews Recommendations 跨站脚本漏洞

...

7.2CVSS5.8AI score0.00327EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.4 views

WordPress plugin SKT Skill Bar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.9AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:16 p.m.16 views

CVE-2025-62067

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through = 2.5...

8.1CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder