
154 matches found

CVE
added yesterday, 6 views

CVE-2026-49779

CVE-2026-49779 concerns the WordPress plugin Tax Exempt for WooCommerce (versions

CVSS 6.5, AI score 5.8
Exploits 0, References 1
Patchstack
added 4 days ago, 4 views

WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Path Traversal vulnerability discovered by Saad Malik in WordPress Plugin Tax Exempt for WooCommerce versions <= 1.9.3...

CVSS 6.5, AI score 5.8
Exploits 0, Affected Software 1
ATTACKERKB
added 2026/06/21 11:30 p.m., 7 views

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVSS 5.3, AI score 5.8, EPSS 0.00188
Exploits 1, References 6, Affected Software 1
CVE
added 2026/06/21 11:30 p.m., 10 views

CVE-2026-12822

Langflow AI langflow

CVSS 7.8, AI score 5.8, EPSS 0.00188
Exploits 1, References 5, Affected Software 1
Cvelist
added 2026/06/10 8:28 p.m., 26 views

CVE-2026-46689 Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

CVSS 8.7, EPSS 0.00317
Exploits 0, References 2
CVE
added 2026/06/10 8:28 p.m., 24 views

CVE-2026-46689

Kanidm vuln CVE-2026-46689: An unauthenticated GET to any /scim/v1/... endpoint with a crafted ?filter= (thousands of nested parentheses, ~4–12 KB) can exhaust the parser’s stack due to an unbounded depth in the SCIM filter grammar. This causes a stack overflow and std::process::abort(), terminat...

CVSS 8.7, AI score 5.4, EPSS 0.00317
Exploits 0, References 2
CNNVD
added 2026/04/11 12:00 a.m., 5 views

WordPress plugin BuddyPress Groupblog security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.8, AI score 5.8, EPSS 0.00406
Exploits 0, References 9
EUVD
added 2026/04/10 12:31 p.m., 4 views

EUVD-2026-21358

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

CVSS 9.8, AI score 6.1, EPSS 0.00927
Exploits 0, References 3
Vulnrichment
added 2026/04/10 9:16 a.m., 3 views

CVE-2026-6057 Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

AI score 6.1, EPSS 0.00927
Exploits 0, References 2
Positive Technologies
added 2026/03/13 12:00 a.m., 5 views

PT-2026-25290

CVE-2026-32446 Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPF... https://t.co/Jm5HpGMTQ9...

CVSS 4.3, AI score 5.8, EPSS 0.00172
Exploits 0, References 3
SUSE CVE
added 2026/02/24 12:24 a.m., 4 views

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, AI score 5.8, EPSS 0.00175
Exploits 0, References 4
RedhatCVE
added 2026/02/22 1:28 a.m., 5 views

CVE-2026-27112

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...

CVSS 9.9, AI score 6.7, EPSS 0.00423
Exploits 0, References 1
Cvelist
added 2026/02/20 9:17 p.m., 28 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, EPSS 0.00175
Exploits 0, References 2
OSV
added 2026/02/20 9:17 p.m., 5 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, AI score 5.6, EPSS 0.00175
Exploits 0, References 4
ATTACKERKB
added 2026/02/20 3:46 p.m., 6 views

CVE-2025-68005

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Hotel Booking: from n/a through <= 1.9.3...

CVSS 6.5, AI score 5.1, EPSS 0.00315
Exploits 0, References 2
Positive Technologies
added 2026/02/19 12:00 a.m., 7 views

PT-2026-21302

Name of the Vulnerable Software and Affected Versions Kargo versions 1.9.0 through 1.9.2 Description Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...

CVSS 9.9, AI score 5.2, EPSS 0.27661
Exploits 45, References 115
Vulnrichment
added 2026/01/24 8:26 a.m., 5 views

CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3, AI score 5.8, EPSS 0.0016
Exploits 0, References 5
OSV
added 2025/12/22 10:16 p.m., 4 views

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

CVSS 9.3, AI score 5.8, EPSS 0.00456
Exploits 2, References 5
CNNVD
added 2025/12/22 12:00 a.m., 3 views

DB Elettronica Screen SFT DAB 600/C access control error vulnerability

The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. An access control error vulnerability exists in the DB Elettronica Screen SFT DAB 600/C version 1.9.3, which stems from the fact that improper session management could result in a password...

CVSS 9.3, AI score 6.9, EPSS 0.00456
Exploits 2, References 5
Positive Technologies
added 2025/12/22 12:00 a.m., 5 views

PT-2025-52706

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The software contains a session management issue that allows attackers to bypass authentication controls. This is achieved by exploiting improper IP address session binding. Attackers can reuse th...

CVSS 9.3, AI score 6.8, EPSS 0.00456
Exploits 2, References 9