Lucene search
K

99 matches found

EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.34 views

CVE-2026-13333 Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00344EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.60 views

CVE-2026-9643 WP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 Logging

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS0.00241EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 8:18 p.m.11 views

EUVD-2026-36813

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42266

A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...

8.8CVSS6.4AI score0.0053EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.13 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 7:35 a.m.15 views

EUVD-2026-31222

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 7:35 a.m.16 views

EUVD-2026-31223

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

3.1CVSS5.8AI score0.00294EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libpgjava

pgjdbc is an open-source PostgreSQL JDBC driver. In affected versions, when a prepared statement is executed using either PreparedStatement.setTextint, InputStream or PreparedStatement.setByteaint, InputStream, a temporary file will be created if the InputStream exceeds 2 kilobytes in size. This...

5.5CVSS6.5AI score0.0048EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/08 1:7 p.m.161 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...

9.8CVSS6.5AI score0.36512EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2026/05/07 11:53 a.m.7 views

CVE-2026-42285

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...

7.5CVSS5.8AI score0.00418EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.13 views

JD Cloud JDCOS 注入漏洞

JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function setiptvinfo in the file/jdcap, which...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.8 views

eBrigade ERP SQL注入漏洞

eBrigade ERP is a comprehensive business system for enterprise resource planning management developed by the French company eBrigade. Version 4.5 of eBrigade ERP contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter in the pdf.php file. This...

7.1CVSS5.9AI score0.00269EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 7:23 p.m.6 views

EUVD-2026-21160

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS...

6.2CVSS5.8AI score0.00334EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31781

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitize html function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

5.4CVSS6AI score0.00216EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 8:44 p.m.2 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5CVSS5.9AI score0.00425EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/03 10:54 p.m.12 views

EUVD-2026-18925

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access t...

9.1CVSS6AI score0.00375EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 3:16 p.m.6 views

DEBIAN-CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

6.5CVSS5.4AI score0.00409EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/20 12:24 a.m.8 views

SUSE CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References3
NVD
NVD
added 2026/03/19 3:16 p.m.5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

8.8CVSS0.00259EPSS
Exploits0References2
Rows per page
Query Builder