Lucene search
K

85 matches found

EUVD
EUVD
added 2026/07/02 6:45 p.m.7 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 4:2 p.m.7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.9 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 a.m.10 views

CVE-2026-55794

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.18 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 5:34 a.m.25 views

CVE-2026-12073

CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 p.m.4 views

UBUNTU-CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6AI score0.00385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

8.8CVSS6AI score0.00385EPSS
Exploits0References8
NVD
NVD
added 2026/05/28 10:16 p.m.15 views

CVE-2026-44973

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

8.1CVSS0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 9:26 p.m.10 views

EUVD-2026-33071

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.7 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/08 3:53 p.m.31 views

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS5.7AI score0.00356EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/21 11:32 p.m.37 views

CVE-2026-41128 Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action

Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...

5.3CVSS0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-34219

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.6.0 through 5.9.14 Description The 'actionSavePermissions' endpoint allows a user possessing only viewUsers permission to remove arbitrary users from all user groups. This occurs because the saveUserGroups function enforce...

5.3CVSS5.4AI score0.00248EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.9 views

Juniper Junos OS Vulnerability (JSA107822)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107822 advisory. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

8.8CVSS6.2AI score0.01299EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.3 views

CVE-2026-25417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31859

Craft is a content management system CMS. The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags angle brackets -- it does not inspect or filter URL schemes...

6.9CVSS7.5AI score0.01174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.12 views

CVE-2026-33157

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

8.6CVSS5.8AI score0.0102EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-31858

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

8.8CVSS6AI score0.00502EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15723

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder