Lucene search
K

50 matches found

EUVD
EUVD
added 2026/06/25 8:13 p.m.7 views

EUVD-2026-39557

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6.1AI score0.00385EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 7:16 a.m.16 views

CVE-2026-8884

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.29 views

CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

6.5CVSS0.00814EPSS
Exploits0References7
OSV
OSV
added 2026/04/17 3:31 p.m.14 views

GHSA-8WMW-PRW8-2GGM Craftql vulnerable to Server-Side Request Forgery

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file...

7.5CVSS6.1AI score0.00463EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 12:31 p.m.3 views

GHSA-5568-6QCG-G7FX Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/03 10:39 p.m.9 views

EUVD-2026-18903

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/30 7:43 p.m.23 views

CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...

7.4CVSS0.00341EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25299

CVE-2026-32455 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects ... https://t.co/yGGoLxAaYH...

6.5CVSS5.8AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-23064

Name of the Vulnerable Software and Affected Versions Vaultwarden versions 1.34.3 and prior Description Vaultwarden, a Bitwarden compatible server, is susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this...

6CVSS5.2AI score0.0026EPSS
Exploits1References11
EUVD
EUVD
added 2026/02/25 3:31 p.m.6 views

EUVD-2026-8658

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References8
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-69385

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through = 1.3...

6.5CVSS0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

9.3CVSS0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.8 views

PT-2026-2983

Name of the Vulnerable Software and Affected Versions Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions up to and including 1.3.9.2 Description The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is susceptible to unauthorized...

7.4CVSS5.5AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/03 7:5 p.m.13 views

CVE-2025-66458

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

6.1CVSS6.4AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2025/11/26 10:23 p.m.36 views

CVE-2025-66030

CVE-2025-66030 (node-forge) is a vulnerability in the Forge/ node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...

6.3CVSS6.5AI score0.00276EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/14 12:0 a.m.2 views

Fedora 41 : runc (2025-6924245627)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6924245627 advisory. Update to release v1.3.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

7.5CVSS7.2AI score0.00626EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.13 views

CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.8 views

PT-2025-45316

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Academist academist.This issue affects Academist: from n/a through 1.3...

8.1CVSS7.1AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/26 8:31 a.m.12 views

CVE-2025-60147 WordPress HT Feed Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Feed ht-instagram allows Stored XSS.This issue affects HT Feed: from n/a through = 1.3.0...

6.5CVSS0.0019EPSS
Exploits0References1
OSV
OSV
added 2025/06/27 2:15 a.m.3 views

CVE-2025-47819

Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control...

6.8CVSS5.8AI score0.00216EPSS
Exploits0References4
Rows per page
Query Builder