Lucene search
K

752 matches found

NVD
NVD
added yesterday6 views

CVE-2026-40501

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13165

SzafirHost verifies the downloaded native library archive with one JarFile parser reading the Central Directory but extracts native libraries with JarInputStream parser reading sequentially from local file headers. An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as...

8.6CVSS0.00418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53260

Name of the Vulnerable Software and Affected Versions SzafirHost versions prior to 1.2.2 Description SzafirHost is susceptible to remote code execution due to a discrepancy between how it verifies and extracts native library archives. The software uses a JarFile parser to verify the archive by...

8.6CVSS6.4AI score0.00418EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2025-210224

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS5.2AI score0.00447EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2025-69115

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39554

Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2025-60218

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS0.00447EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37688

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS0.00348EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.14 views

CVE-2026-40761

WordPress Theme Valeska &lt;= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.23 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.28 views

CVE-2026-39554 WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50118

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS5.4AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40772

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS0.00347EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 2:52 p.m.18 views

CLEANSTART-2026-OS93204 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-m3xc-h892-ggx6, ghsa-qw64-3x98-g7q2 applied in versions: 1.2.2-r0, 1.2.2-r1

Multiple security vulnerabilities affect the apko package. These issues are resolved in later releases. See references for individual vulnerability details...

9.6CVSS5.6AI score0.00813EPSS
Exploits0References37
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.4AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.12 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 2:1 p.m.13 views

CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder