446 matches found

EUVD
added 12 hours ago, 6 views

EUVD-2026-41662

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3 CVSS, 5.5 AI score
Exploits 0, References 8
Cvelist
added 3 days ago, 38 views

CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

0.00236 EPSS
Exploits 0, References 1
NVD
added 2026/06/26 3:16 p.m., 5 views

CVE-2026-57629

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions...

6.5 CVSS, 0.00161 EPSS
Exploits 0, References 1
CVE
added 2026/06/26 2:53 p.m., 6 views

CVE-2026-57629

CVE-2026-57629 : A cross-site scripting (XSS) vulnerability affects the WordPress plugin “StatCounter” in versions

6.5 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/06/26 12:00 a.m., 8 views

PT-2026-52800

Name of the Vulnerable Software and Affected Versions: StatCounter versions prior to 2.1.2. Description: StatCounter is subject to Cross Site Scripting (XSS), a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users, specifically affecting the contributor role...

6.5 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits 0, References 3
CVE
added 2026/06/15 8:17 p.m., 14 views

CVE-2026-39480

CVE-2026-39480 affects the WordPress plugin Backup Migration (versions

7.5 CVSS, 5.2 AI score, 0.00376 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/06/15 12:00 a.m., 13 views

PT-2026-49381

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...

7.5 CVSS, 5.2 AI score, 0.00376 EPSS
Exploits 0, References 2
EUVD
added 2026/06/06 12:31 a.m., 13 views

EUVD-2026-34926

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3 CVSS, 5.4 AI score, 0.00132 EPSS
Exploits 0, References 7
RedhatCVE
added 2026/06/05 7:43 p.m., 9 views

CVE-2026-8493

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.4 CVSS, 5.4 AI score, 0.00177 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/29 12:00 a.m., 12 views

PT-2026-44751

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter addToTags function. The function is hooked to wp he...

6.4 CVSS, 6 AI score, 0.00305 EPSS
Exploits 0, References 7
UbuntuCve
added 2026/05/25 9:16 p.m., 10 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5 CVSS, 5.8 AI score, 0.00412 EPSS
Exploits 0, References 4
Vulnrichment
added 2026/05/23 1:00 p.m., 9 views

CVE-2026-9301 omec-project amf NGReset Message memory corruption

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...

6.5 CVSS, 6 AI score, 0.00228 EPSS
Exploits 0, References 6
Tenable Nessus
added 2026/05/22 12:00 a.m., 11 views

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

6.5 CVSS, 6.7 AI score, 0.01005 EPSS
Exploits 0, References 4
Cvelist
added 2026/05/19 10:29 p.m., 36 views

CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

0.00177 EPSS
Exploits 0, References 1
CVE
added 2026/05/14 8:24 a.m., 19 views

CVE-2026-6174

The CVE-2026-6174 issue affects the WordPress CC Child Pages plugin. All versions up to and including 2.1.1 are vulnerable to Stored Cross-Site Scripting via the 'more' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access and ...

6.4 CVSS, 6 AI score, 0.00156 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:00 a.m., 17 views

PT-2026-39973

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi adminpage function. This makes it possible for unauthenticated attackers to update the plugin's zawgyi...

4.3 CVSS, 5.7 AI score, 0.00128 EPSS
Exploits 0, References 6
EUVD
added 2026/05/08 3:54 p.m., 10 views

EUVD-2026-28806

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

5.3 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/05/08 3:54 p.m., 9 views

CVE-2026-42028

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

5.3 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/05/08 3:54 p.m., 36 views

CVE-2026-42028 novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

5.3 CVSS, 0.00315 EPSS
Exploits 0, References 3
CVE
added 2026/05/08 3:54 p.m., 22 views

CVE-2026-42028

CVE-2026-42028 affects novaGallery (a PHP image gallery). Prior to version 2.1.1, there is a path traversal vulnerability that allows unauthenticated users to read image files outside the intended gallery root. The issue has been patched in version 2.1.1. The CVSS 3.1 base score is 5.3 (Medium), ...

5.3 CVSS, 5.7 AI score, 0.00315 EPSS
Exploits 0, References 3