Lucene search
+L

322 matches found

Nuclei
Nuclei
added yesterday6 views

Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure

Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...

6.9CVSS6.1AI score0.01553EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11570

CVE-2026-11570 affects the User Submitted Posts WordPress plugin prior to 20260608, where an input value is not escaped before being output in an admin-configured display template, allowing unauthenticated users to trigger a Stored XSS when a non-default display option is enabled. The issue is de...

4.2CVSS5.7AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.9 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

7.5CVSS0.00159EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Curl 8.11.1 < 8.21.0 Netrc Password Leak

The version of curl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username, curl could wrongly get and use the...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/24 5:5 p.m.7 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/22 8:42 a.m.8 views

WordPress Pie Register plugin < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token vulnerability

Unauthenticated Email Verification Bypass via Predictable Token vulnerability discovered by Haitam Lazaar in WordPress Plugin Pie Register versions 3.8.4.10...

5.3CVSS5.8AI score0.00129EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/19 5:3 p.m.19 views

CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...

8.1CVSS0.00555EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2025-58952

Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...

8.1CVSS0.00338EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 7:1 p.m.6 views

NPM: n8n: Merge Node SQL Mode Prototype Pollution

NPM: n8n: Merge Node SQL Mode Prototype Pollution vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

7.7CVSS5.9AI score0.00316EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/12 10:16 p.m.14 views

CVE-2025-7003

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

7.8CVSS0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 6:0 a.m.44 views

CVE-2026-9060 Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-6268

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

7.1CVSS5.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8410

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

8.8CVSS5.5AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Ericsson Packet Core Gateway 安全漏洞

Ericsson Packet Core Gateway is a data packet gateway platform for mobile communication core networks developed by the Swedish company Ericsson. Versions of Ericsson Packet Core Gateway prior to version 1.30 contained security vulnerabilities. These vulnerabilities stemmed from improper handling ...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:17 p.m.9 views

CVE-2026-11197

Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.13 views

Dovestones ADPhonebook 安全漏洞

Dovestones ADPhonebook is a corporate address book and employee directory management system developed by the Canadian company Dovestones. Versions of Dovestones ADPhonebook prior to 4.0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient input validation and...

4.8CVSS5.4AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the FileSystem component after its release, which could allow a remote attacker to exploit the...

9.6CVSS5.4AI score0.00325EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9881

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

5.8AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder