Lucene search
K

258 matches found

Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57799 WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...

7.5CVSS0.00496EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 3:17 p.m.5 views

WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nuss versions = 1.3.6...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/26 12:16 p.m.36 views

CVE-2025-64152 Apache IoTDB: Path Traversal Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

0.00382EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.20 views

PT-2026-49168

Name of the Vulnerable Software and Affected Versions runc versions prior to 1.3.6 runc versions prior to 1.4.3 runc versions prior to 1.5.0-rc.3 Description A flaw involving a /dev symlink allows a malicious container image to obtain limited write access to the host filesystem. This issue occurs...

3.3CVSS5.2AI score0.00222EPSS
Exploits0References20
Snyk
Snyk
added 2026/06/08 12:0 a.m.10 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via HTTP redirect handling in the HTTP client. An attacker can obtain sensitive credentials by causing a client configured to automatically follow redirects to follow a redirect from a...

6.9CVSS5.4AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

8.8CVSS5.3AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-4808

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS6.4AI score0.00554EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:57 p.m.9 views

CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

4.6CVSS5.7AI score0.00193EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 4:56 p.m.9 views

Malicious code in crypto-javascri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3f73f5a262aba7ba05c713d409646e419e998232fd536fd99c51750fa070699 The package crypto-javascri was found to contain malicious code. Source: google-open-source-security...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.8 views

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:26 a.m.4 views

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/18 1:26 a.m.4 views

EUVD-2026-23622

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/18 1:26 a.m.7 views

CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.3 views

CVE-2026-4808 Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS6.6AI score0.00554EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 8:58 p.m.3 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to the logicalQuery.Select process. An attacker can cause excessive CPU consumption and denial of service by submitting specially crafted Boolean XPath expressions that always evaluate to true, such as "1=1" or "true"...

8.7CVSS5.9AI score0.00519EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.17 views

PT-2026-24047

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.0.0 through 1.3.6 Apache IoTDB versions 2.0.0 through 2.0.6 Description A security issue exists in Apache IoTDB. Users are advised to upgrade to a fixed version to address the problem. Recommendations Upgrade to version...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.4 views

CVE-2026-27369

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-27369

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

8.1CVSS0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.2 views

CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.12 views

CVE-2026-27369

CVE-2026-27369 is a deserialization vulnerability in BoldThemes Celeste WordPress Theme (affected: Celeste

8.1CVSS5.9AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder