Lucene search
K

1029 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-57774

Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...

5.3CVSS0.00293EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-57774

The CVE-2026-57774 entry corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress theme VW Food Corner (versions up to and including 1.1.0). The issue affects the theme itself, enabling exploitation due to incorrectly configured access control security levels....

5.3CVSS6.1AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42808

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 5:16 a.m.10 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/07/02 12:7 p.m.7 views

WordPress VW Food Corner theme <= 1.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Food Corner versions = 1.1.0...

5.3CVSS5.9AI score0.00293EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2025-210356

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57633

Unauthenticated Sensitive Data Exposure in WCBoost - Products Compare = 1.1.0 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2025-66123

The CVE-2025-66123 entry describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress BookPro plugin, versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:45 p.m.8 views

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...

5.3CVSS5.8AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:32 p.m.7 views

WordPress WCBoost &#8211; Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WCBoost Products Compare versions = 1.1.0...

5.3CVSS5.8AI score0.0024EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52714

Name of the Vulnerable Software and Affected Versions BookPro versions prior to 1.1.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input without sufficient authorization check...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:55 p.m.5 views

EUVD-2026-39540

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS5.8AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:30 p.m.3 views

CVE-2026-53765 chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS6AI score0.00077EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 11:28 a.m.20 views

CVE-2026-11373

Summary of CVE-2026-11373 (Net::Statsite::Client) : The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...

9.1CVSS5.8AI score0.00352EPSS
Exploits0References6
CVE
CVE
added 2026/06/19 8:12 p.m.26 views

CVE-2026-49346

CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/19 5:37 p.m.13 views

MAL-2026-6232 Malicious code in free-claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9 Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:37 p.m.10 views

Malicious code in free-claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9 Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-48817

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:50 p.m.12 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 5:50 p.m.3 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS6AI score0.00368EPSS
Exploits0References12
Rows per page
Query Builder