Lucene search
K

528 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 7:38 p.m.5 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in snmptt

Before version 1.4.2 of SNMPTT, attackers could execute shell code through EXEC, PREXEC, or unknowntrapexec...

9.8CVSS7.9AI score0.02016EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37641

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS5.2AI score0.00389EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54805

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS0.00389EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36984

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

7.3CVSS5.1AI score0.00219EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2026-53608

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.12 views

CVE-2025-52747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS5.4AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:37 p.m.9 views

GHSA-JPVJ-WPMJ-H7RV Supply chain compromise via malicious @cap-js/openapi

Impact On May 19, 2026, a compromised version of @cap-js/[email protected] was published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that machine npm tokens, cloud provider credentials, SSH keys,...

9.6CVSS5.8AI score
Exploits0References4
NVD
NVD
added 2026/06/03 12:16 a.m.18 views

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

WordPress plugin EmergencyWP – Dead Man s switch & legacy deliverance 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.3AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 9:16 a.m.15 views

CVE-2025-52747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:40 a.m.12 views

EUVD-2025-209960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:40 a.m.9 views

CVE-2025-52747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/16 3:26 p.m.12 views

CVE-2021-47972 Sticky Notes & Color Widgets 1.4.2 Denial of Service

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and mak...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/16 3:26 p.m.11 views

EUVD-2021-34827

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and mak...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/16 3:26 p.m.41 views

CVE-2021-47972 Sticky Notes & Color Widgets 1.4.2 Denial of Service

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and mak...

8.7CVSS0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41458

Name of the Vulnerable Software and Affected Versions Sticky Notes & Color Widgets version 1.4.2 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. By pasting large payloads of repeated characters into note...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2026/04/30 4:39 p.m.5 views

OPENSUSE-SU-2026:20662-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 bsc1258614, CVE-2026-24122: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the gomodules group across 1 directory fix for new helm chart features Bump github.com/sigstore/rekor from 1.4.3 ...

3.7CVSS5.8AI score0.00197EPSS
Exploits2References2
NVD
NVD
added 2026/04/23 12:17 p.m.6 views

CVE-2025-62104

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 11:2 a.m.26 views

CVE-2025-62104 WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS0.00198EPSS
Exploits0References1
Rows per page
Query Builder