
789 matches found

RedHat Linux
added yesterday, 2 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.22 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

CVSS 9.2, AI score 5.8, EPSS 0.00848
Exploits: 1, References: 3
Cvelist
added 4 days ago, 38 views

CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5, EPSS 0.0028
Exploits: 0, References: 7
CVE
added 5 days ago, 15 views

CVE-2026-57658

CVE-2026-57658 concerns the WordPress TemplateSpare plugin, specifically versions

CVSS 9.1, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 1
EUVD
added 5 days ago, 6 views

EUVD-2026-39710

Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...

CVSS 8.8, AI score 5.8, EPSS 0.00391
Exploits: 0, References: 1
EUVD
added 5 days ago, 9 views

EUVD-2026-39615

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5, AI score 6, EPSS 0.00281
Exploits: 0, References: 8
CVE
added 6 days ago, 13 views

CVE-2026-54917

CVE-2026-54917 affects SeaweedFS prior to 4.30. The S3 gateway and Iceberg REST catalog gateway construct routers with mux.NewRouter().SkipClean(true); when path cleaning is disabled, a .. segment in URLs can survive routing (example: GET /bucket-A/../evil-bucket/key) and be parsed as a valid buc...

CVSS 10, AI score 5.9, EPSS 0.00345
Exploits: 1, References: 2, Affected Software: 1
CVE
added last week, 14 views

CVE-2026-9643

WP Meta SEO for WordPress insert(). This allows injection of arbitrary scripts that execute when an administrator visits the 404 & Redirects admin page (/wp-admin/admin.php?page=metaseo_broken_link). Exploitation details are not provided beyond the generic flow; no fixes, mitigations, or exploita...

CVSS 7.2, AI score 6, EPSS 0.00241
Exploits: 0, References: 6
EUVD
added 2026/06/23 9:54 p.m., 9 views

EUVD-2026-37008

Slim has Reflected XSS in the HtmlErrorRenderer...

CVSS 6.1, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 3
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in syslog-ng

syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tlswildcardmatch function matched against certificates like foo..bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.ac.bar, which glib logs match, but this should be avoided/disabled...

CVSS 7.5, AI score 7.1, EPSS 0.00301
Exploits: 1, References: 2
Cvelist
added 2026/06/18 3:27 p.m., 16 views

CVE-2026-56024 WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0...

CVSS 6.5, EPSS 0.00124
Exploits: 0, References: 1
Patchstack
added 2026/06/18 2:21 p.m., 5 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions <= 4.7.3...

CVSS 8.3, AI score 5.8, EPSS 0.00182
Exploits: 0, Affected Software: 1
Positive Technologies
added 2026/06/18 12:00 a.m., 15 views

PT-2026-50801

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.1.4. Description: Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...

CVSS 6.5, AI score 5.9, EPSS 0.0024
Exploits: 0, References: 8
EUVD
added 2026/06/17 6:35 p.m., 10 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

CVSS 7.5, AI score 5.2, EPSS 0.00467
Exploits: 0, References: 2
CVE
added 2026/06/17 5:21 p.m., 19 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

CVSS 8.8, AI score 5.2, EPSS 0.00276
Exploits: 0, References: 1
CVE
added 2026/06/16 9:00 a.m., 12 views

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

CVSS 7.5, AI score 5.1, EPSS 0.00232
Exploits: 0, References: 1
EUVD
added 2026/06/15 9:30 p.m., 10 views

EUVD-2026-36969

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

CVSS 9.9, AI score 5.2, EPSS 0.00465
Exploits: 0, References: 2
EUVD
added 2026/06/15 9:30 p.m., 8 views

EUVD-2026-36955

Subscriber Insecure Direct Object References (IDOR) in EventPrime = 4.3.0.0 versions...

CVSS 7.1, AI score 5.2, EPSS 0.00278
Exploits: 0, References: 2
CVE
added 2026/06/15 8:18 p.m., 12 views

CVE-2026-42655

CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...

CVSS 5.9, AI score 5.2, EPSS 0.00249
Exploits: 0, References: 1
Patchstack
added 2026/06/15 5:15 p.m., 5 views

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases vulnerability discovered by ? in WordPress Npm js-yaml versions = 4.1.1...

CVSS 5.3, AI score 5.8, EPSS 0.00259
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/06/15 12:00 a.m., 12 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions: Kandji Agent versions prior to 4.7.55374. Description: A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations: Update to version 4.7.55374 or later...

CVSS 8.4, AI score 5.2, EPSS 0.00118
Exploits: 0, References: 9