Lucene search
+L

110 matches found

Patchstack
Patchstack
added 2026/04/22 4:4 p.m.10 views

WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by TruongLV1 From FPT Night Wolf in WordPress Plugin Feed KuantoKusta for WooCommerce – Free versions = 5.3...

5.8AI score0.00283EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.10 views

CVE-2026-3841

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

8.5CVSS6AI score0.01774EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 2:10 p.m.13 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to handshake corruption due to the crypto/tls package (CVE-2025-68121)

Summary Crypto/tls is used as part of secure encryption by DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the...

10CVSS5.9AI score0.00765EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/03/12 6:30 p.m.7 views

EUVD-2026-11655

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

8.5CVSS6AI score0.01774EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 7:7 a.m.18 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.1 Vulnerability Details CVEID:CVE-2025-58183 DESCRIPTION: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A...

7.5CVSS5.7AI score0.01127EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/02/27 12:31 a.m.7 views

GHSA-429M-9874-RX9W PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.3CVSS5.4AI score0.00362EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/26 10:33 p.m.6 views

EUVD-2026-8811

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder...

6.9CVSS5.3AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/02/26 2:16 a.m.14 views

CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

7.5CVSS0.00478EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/20 8:57 p.m.16 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3CVSS7.3AI score0.00445EPSS
Exploits1
CVE
CVE
added 2026/02/20 3:47 p.m.18 views

CVE-2026-24943

CVE-2026-24943 is a Reflected Cross-Site Scripting vulnerability in ThemeGoods Grand Conference (grandconference) for WordPress, due to improper input neutralization during web page generation. Affected: Grand Conference versions up to 5.3.4. Root cause: insufficient sanitization of user-supplied...

7.1CVSS5.5AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.27 views

CVE-2026-24943 WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through = 5.3.4...

7.1CVSS0.00151EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 7:40 p.m.7 views

CVE-2026-26278 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS5.6AI score0.00811EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1...

7.5CVSS6.1AI score0.00811EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

Nsasoft SpotAuditor 安全漏洞

Nsasoft SpotAuditor is a advanced password recovery software developed by the US company Nsasoft. It is designed to restore passwords lost or forgotten from over 40 popular Windows programs and tools. Version 5.3.2 of Nsasoft SpotAuditor contains a security vulnerability; this vulnerability stems...

7.5CVSS5.8AI score0.00422EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004428 advisory. In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka...

4.9CVSS6.4AI score0.00451EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004102)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004102 advisory. A memory leak in the mwifiexpciealloccmdrspbuf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a...

4.7CVSS6.4AI score0.00387EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-003889)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003889 advisory. vcswrite in drivers/tty/vt/vcscreen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Tenable has extracted t...

7.8CVSS6.7AI score0.00422EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.6 views

CVE-2023-4482

The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject...

6.4CVSS5AI score0.00323EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:28 a.m.5 views

Security Bulletin: Vulnerability in markdown-it affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in markdown-it has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

6.9CVSS5.1AI score0.00229EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:26 a.m.7 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

3.4CVSS6.3AI score0.00174EPSS
Exploits0Affected Software1
Rows per page
Query Builder