Lucene search
K

662 matches found

NVD
NVD
added 2 hours ago2 views

CVE-2026-57352

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...

4.8CVSS
Exploits0References1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-36601

Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS...

6.5CVSS5.8AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:52 p.m.31 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:52 p.m.20 views

CVE-2026-49111

The CVE covers WordPress Masteriyo LMS plugin versions up to 2.2.0 with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected component: Masteriyo LMS plugin. Root cause: incorrect privilege handling within the plugin. Impact: HIGH (CVSS 3.1, base score 8.8; ...

8.8CVSS5.3AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:4 p.m.25 views

CVE-2026-53523 Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero...

6.8CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:4 p.m.7 views

CVE-2026-53522 Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-49003

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: "/api/v1/terminal" which triggers the createTerminal function, and "/api/v1/file" which...

6.5CVSS5.2AI score0.00289EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

9.8CVSS6.3AI score0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-48171

A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice content parameter...

5.6AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.31 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48170

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module task:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

5.5AI score0.00289EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 9:44 p.m.13 views

Bugsink: Project scoping missing in sourcemap and debug-file lookup

Summary Bugsink before 2.2.0 resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for...

4.3CVSS5.1AI score0.00178EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/05 9:43 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the bulk issue action process. An attacker can modify the state of issues in another project by submitting valid issue UUIDs for which they have...

3.1CVSS5.5AI score0.00147EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS5.5AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1115

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.7AI score0.00405EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/01 7:45 p.m.9 views

WordPress BirdSeed plugin <= 2.2.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BirdSeed versions = 2.2.0...

4.3CVSS5.8AI score0.00131EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 5:16 p.m.16 views

CVE-2026-47728

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...

4.3CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 5:16 p.m.22 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS0.00154EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:23 p.m.9 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS5.8AI score0.00147EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 4:23 p.m.20 views

CVE-2026-47716

Bugsink (self-hosted error tracking) prior to 2.2.0 is affected. The issue list view permits performing a bulk action on submitted issue IDs by name/identifier across projects if the UUID is known, because it does not require the issues to belong to the targeted project. The vulnerability is fixe...

3.1CVSS5.8AI score0.00147EPSS
Exploits0References2
Rows per page
Query Builder