104 matches found

NVD
added 2026/06/17 2:17 p.m., 14 views

CVE-2026-54819

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

CVSS 9.3, EPSS 0.00236
Exploits: 0, References: 1
OSV
added 2026/05/26 7:45 p.m., 13 views

JLSEC-2026-558

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

CVSS 6.3, AI score 5.8, EPSS 0.00985
Exploits: 1, References: 10
OSV
added 2026/05/26 7:45 p.m., 13 views

JLSEC-2026-554

Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

CVSS 5.5, AI score 5.8, EPSS 0.00533
Exploits: 1, References: 5
Cvelist
added 2026/05/09 3:39 a.m., 71 views

CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 5.3, EPSS 0.00237
Exploits: 0, References: 3
EUVD
added 2026/05/09 3:37 a.m., 9 views

EUVD-2026-28887

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 5.3, AI score 5.7, EPSS 0.00193
Exploits: 0, References: 3
Snyk
added 2026/05/04 7:59 p.m., 6 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/system endpoint. An attacker can obtain sensitive internal system information, such as installed version and license data, by sending authenticated requests to this endpoint without the required...

CVSS 5.3, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 2
Snyk
added 2026/05/04 7:50 p.m., 9 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the authorization process. An attacker can gain unauthorized access to sensitive site, user, and role information by sending authenticated requests as a Panel user. This is only exploitable if the site is...

CVSS 7.1, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 2
Snyk
added 2026/04/30 9:3 p.m., 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization: inconsistent permission checks for pages.access, pages.list, files.access, and files.list in the Panel and REST API. An attacker can gain unauthorized access to content or sensitive information by exploiting...

CVSS 7.1, AI score 5.8, EPSS 0.00303
Exploits: 0, References: 3
NVD
added 2026/04/24 1:16 a.m., 3 views

CVE-2026-32870

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

CVSS 7.5, EPSS 0.00346
Exploits: 0, References: 3
Cvelist
added 2026/04/24 12:19 a.m., 27 views

CVE-2026-32870 Kirby has XML injection in its XML creator toolkit

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

CVSS 6.9, EPSS 0.00346
Exploits: 0, References: 3
ATTACKERKB
added 2026/04/24 12:19 a.m., 5 views

CVE-2026-32870

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

CVSS 6.9, AI score 5.5, EPSS 0.00346
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/03/06 12:32 a.m., 3 views

CVE-2026-3610 HSC Cybersecurity Mailinspector URL mliUserValidation.php cross site scripting

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

CVSS 5.3, AI score 4.2, EPSS 0.00269
Exploits: 0, References: 4
CNNVD
added 2026/03/06 12:0 a.m., 5 views

WordPress plugin WooCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 7.5, AI score 5.8, EPSS 0.00126
Exploits: 0, References: 3
RedhatCVE
added 2026/02/21 7:29 p.m., 5 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

CVSS 7.5, AI score 5.9, EPSS 0.00359
Exploits: 1, References: 1
NVD
added 2026/02/20 6:25 p.m., 15 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

CVSS 7.5, EPSS 0.00359
Exploits: 1, References: 2
Vulnrichment
added 2026/02/20 5:23 p.m., 7 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

CVSS 7.5, AI score 5.9, EPSS 0.00359
Exploits: 1, References: 2
Cvelist
added 2026/02/20 5:23 p.m., 24 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

CVSS 7.5, EPSS 0.00359
Exploits: 1, References: 2
ATTACKERKB
added 2026/02/19 2:58 p.m., 4 views

CVE-2025-71243

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...

CVSS 9.8, AI score 6.2, EPSS 0.05126
Exploits: 5, References: 5, Affected Software: 1
Positive Technologies
added 2026/01/23 12:0 a.m., 6 views

PT-2026-4415

Name of the Vulnerable Software and Affected Versions: COP UX Flat versions through 5.4.0. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. Recommendations: Update...

CVSS 5.4, AI score 5.1, EPSS 0.00198
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1274

Malware in sbrugna...

CVSS 5.3, AI score 5.3, EPSS 0.01587
Exploits: 0, References: 5