Lucene search
K

436 matches found

EUVD
EUVD
added last week3 views

EUVD-2026-39676

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added last week30 views

CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50120

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

10CVSS5.5AI score0.00621EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 5:16 a.m.15 views

CVE-2026-40985

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:2 a.m.26 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/06 4:28 a.m.38 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 1:26 p.m.10 views

EUVD-2022-55998

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40796

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a cross-site origin WebSocket hijacking attack. The system utilizes WebSockets to manage settings, including administrative configurations, which...

9.3CVSS5.2AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/04 3:17 p.m.57 views

CVE-2026-40563 Apache Atlas: Script injection allows access to unintended data

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

0.00464EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/01 8:45 p.m.3 views

EUVD-2026-26719

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36547

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the format plugins function located in the...

6.5CVSS6.9AI score0.00242EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36548

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References11
EUVD
EUVD
added 2026/04/28 6:45 a.m.7 views

EUVD-2026-26005

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.14 views

dynamic-datasource-spring-boot-starter 注入漏洞

dynamic-datasource-spring-boot-starter is a fast integration multi-data-source starter developed by baomidou under the Open Source project. Version 2.5.0 of dynamic-datasource-spring-boot-starter contains an injection vulnerability. This vulnerability stems from improper handling of the...

6.5CVSS6.6AI score0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 9:30 a.m.1 views

CVE-2025-15632 1Panel-dev MaxKB MdPreview chat.ts cross site scripting

A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...

5.1CVSS4AI score0.00266EPSS
Exploits0References8
OSV
OSV
added 2026/04/07 10:16 p.m.9 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...

7.5CVSS5.9AI score0.00495EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 9:38 a.m.5 views

CLEANSTART-2026-LS00044 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-54410, CVE-2025-58181, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 2.3.2-r4, 2.3.2-r5, 2.4.4-r2, 2.5.0-r0, 2.5.0-r1

Multiple security vulnerabilities affect the openbao-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.01945EPSS
Exploits7References39
EUVD
EUVD
added 2026/03/31 3:31 p.m.2 views

EUVD-2026-17429

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00144EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 1:51 p.m.9 views

CVE-2026-20915

Checkmk CVE-2026-20915 describes a stored XSS in the Pending Changes sidebar affecting Checkmk 2.5.0 (beta) before 2.5.0b2. An authenticated user with permission to create pending changes can inject JavaScript, which then executes in the browsers of other users viewing the sidebar. Impact per CVS...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/28 10:58 a.m.16 views

CVE-2025-9497

CVE-2025-9497 affects Microchip Time Provider 4100 (prior to v2.5.0). The vulnerability arises from hard-coded credentials used for the upgrade path, enabling a malicious manual software update. CVSS metrics indicate a high-severity issue with LOCAL attack vector and HIGH impact on confidentialit...

9.8CVSS5.9AI score0.00262EPSS
Exploits0References2
Rows per page
Query Builder