Lucene search
+L

101 matches found

Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-57715 WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-57715

CVE-2026-57715 affects the WordPress Fluent CRM plugin (Fluent CRM) up to version

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 9:26 p.m.12 views

EUVD-2026-38381

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48517

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type nam...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-48512

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

7.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.11 views

CVE-2026-48109

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:12 p.m.6 views

CVE-2026-48513 MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

6.3CVSS6AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51398

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The UnsafeBlitFormatterBase.Deserialize function reads an attacker-controlled byteLength from an extension payload and allocates an array based o...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 9:44 a.m.13 views

CLEANSTART-2026-TZ04509 Security fixes for CVE-2024-57699, CVE-2025-59250, CVE-2025-67735, CVE-2026-1002, ghsa-72hv-8253-57qq, ghsa-m494-w24q-6f7w applied in versions: 3.1.7-r6

Multiple security vulnerabilities affect the apicurio-registry package. These issues are resolved in later releases. See references for individual vulnerability details...

8.1CVSS6.8AI score0.00685EPSS
Exploits2References11
NVD
NVD
added 2026/03/27 10:16 p.m.11 views

CVE-2026-27309

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28354

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.7 and earlier Description Substance3D - Stager versions 3.1.7 and earlier are susceptible to a Use After Free issue. Successful exploitation of this issue could lead to arbitrary code execution with the...

7.8CVSS6.4AI score0.0022EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32412

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.7 views

CVE-2026-27275

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.4AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11930

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32412

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.8AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32412 WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.8AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.16 views

CVE-2026-32412

The CVE-2026-32412 entry describes a Server-Side Request Forgery (SSRF) vulnerability in the Gift Up Gift Cards for WordPress and WooCommerce plugin. Affected software: Gift Up Gift Cards for WordPress and WooCommerce plugin, version range from unspecified (n/a) up to and including 3.1.7. Root ca...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.27 views

CVE-2026-32412 WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.4CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 9:32 p.m.3 views

EUVD-2026-10779

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.5 views

EUVD-2026-10774

Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00139EPSS
Exploits0References2
Rows per page
Query Builder