Lucene search
K

422 matches found

OSV
OSV
added 2026/06/12 7:23 a.m.5 views

OPENSUSE-SU-2026:20948-1 Security update for enc

This update for enc fixes the following issues: Changes in enc: - CVE-2026-1229: Fix incorrect value bsc1265533 Bump circl to 1.6.3 - Update to 1.1.5: Update dependencies 10 - Update to 1.1.4: Update all dependencies 9...

9.8CVSS7.7AI score0.00397EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-27415

Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

4.3CVSS5.4AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.4AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 12:39 p.m.35 views

CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

8.1CVSS0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

SourceBans Material Admin 安全漏洞

SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Versions prior to 1.1.6 of SourceBans Material Admin contained security vulnerabilities; these vulnerabilities allowed attackers to manipulate arbitrary user data in web application...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/26 7:56 a.m.8 views

WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SweetDate Core versions 1.1.5...

5.8AI score0.0018EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 3:27 p.m.11 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:27 p.m.63 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS0.00194EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/08 4:27 p.m.8 views

NPM: fast-xml-builder Comment Value regex can be bypassed

NPM: fast-xml-builder Comment Value regex can be bypassed vulnerability discovered by ? in WordPress Npm fast-xml-builder versions 1.1.5...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/07 10:20 a.m.27 views

CVE-2026-27415

The CVE-2026-27415 entry documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress BEAR plugin, affecting BEAR versions from n/a up to 1.1.5. The issue is described as CSRF in PluginUs.Net BEAR. The provided metrics indicate a CVSS v3.1 base score of 4.3 (Medium) with attack ve...

4.3CVSS5.8AI score0.00095EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 10:20 a.m.6 views

CVE-2026-27415

Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

4.3CVSS5.8AI score0.00095EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 6:18 a.m.6 views

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

8.6CVSS5.2AI score0.00394EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/27 12:0 a.m.7 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 12:0 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 12:0 a.m.6 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-weaviate-store is a Building AI applications with Spring Boot Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/27 12:0 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

8.8CVSS5.8AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:0 p.m.8 views

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection in fxb.js, which does not properly handle closing delimiters for comment and CDATA values. The -- sequence in comment content and the sequence in CDATA sections can be coopted to close their respective sections early and...

6.1CVSS5.8AI score0.00238EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.6 views

CVE-2026-39663

Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through = 1.1.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/09 9:38 p.m.4 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

6.5CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder