Lucene search
K

857 matches found

Amazon
Amazon
added 2026/07/08 12:0 a.m.4 views

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: No CVE associated with this advisory Affected Packages: log4j-cve-2021-44228-hotpatch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

10CVSS7.2AI score0.99999EPSS
Exploits354
OSV
OSV
added 2026/07/02 5:17 p.m.12 views

UBUNTU-CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 8:13 p.m.24 views

CVE-2026-6679 DTLS 1.3 ACK serialization heap buffer overflow via integer truncation

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS0.00385EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 10:0 a.m.6 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-8688

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51682

Name of the Vulnerable Software and Affected Versions Image Sizes on Demand versions prior to 1.4 Description Insufficient input sanitization and output escaping in the PHP SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 8:40 p.m.5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37656

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-40755

Unauthenticated PHP Object Injection in TechLink = 1.3 versions...

8.1CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.12 views

CVE-2025-69171

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1CVSS0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37693

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.10 views

CVE-2026-22334

CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (&lt;= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.30 views

CVE-2025-69171 WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50404

Name of the Vulnerable Software and Affected Versions ShiftUp versions 1.3 and earlier Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input is passed to the unserialize function without proper validation, potentiall...

8.1CVSS5.7AI score0.00308EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-3998

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS5.7AI score0.00265EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 7:49 a.m.15 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/27 1:46 p.m.12 views

WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Orpheus versions = 1.3...

8.1CVSS5.8AI score0.00348EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8846

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.24 views

CVE-2026-8846

CVE-2026-8846 affects the WordPress Tuxquote plugin (versions ≤ 1.3). The vulnerability is a Stored Cross-Site Scripting (XSS) in the TUXQUOTE shortcode, caused by insufficient input sanitization and output escaping for attributes (title, align, width) in tuxquote_build_format(), which are concat...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder