Lucene search
K

301 matches found

CVE
CVE
added 2026/06/29 8:18 p.m.20 views

CVE-2026-34597

CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53749

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:4 a.m.9 views

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS5.8AI score0.00255EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.6 views

CVE-2026-57628

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-56024

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0...

6.5CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS0.00046EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:18 p.m.11 views

CVE-2026-39591

The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:1 p.m.161 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 9:51 a.m.51 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 9:51 a.m.20 views

EUVD-2026-35390

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47731

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.12 views

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.7AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.13 views

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

8.7CVSS5.4AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.5AI score0.00384EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 9:40 a.m.9 views

EUVD-2025-210046

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45909

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS5.8AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.6 views

ABB T-MAC Plus 安全漏洞

ABB T-MAC Plus is a shipboard equipment status monitoring and predictive maintenance management system developed by the Swiss company ABB. Version 4.0-24 of ABB T-MAC Plus contains a security vulnerability, which stems from incorrect authorization settings...

7.4CVSS5.2AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 3:16 p.m.11 views

EUVD-2026-33686

Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder