Lucene search
K

217 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56516

Name of the Vulnerable Software and Affected Versions Astro version 6.4.7 Description Astro performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit. Subsequently, rewrite route matching performs an additional decodeURI operation, which can...

8.2CVSS6.1AI score0.00267EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.31 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 7:17 p.m.12 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 1:27 p.m.5 views

MINI-VG67-5V64-VR6M

Bulletin has no description...

8CVSS5.7AI score0.00472EPSS
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36935

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

6.5CVSS5.5AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

6.1CVSS5.6AI score0.00188EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/05 2:25 p.m.12 views

WordPress Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Anirudh Makkar in WordPress Plugin Essential Addons for Elementor versions = 6.6.4...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/02 9:32 p.m.32 views

CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

8.3CVSS0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.27 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/01 12:0 a.m.44 views

CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

6.5CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 6:35 p.m.20 views

CVE-2026-44589

Nuxt-og-image (nuxt-og-image) contains an SSRF issue tracked as CVE-2026-44589. The isBlockedUrl validator in [email protected] is incomplete: IPv6 prefix handling is limited (only ::1, fc, fd, fe80) and there is no redirect re-validation, enabling bypass paths such as IPv6-mapped addresses and...

3.7CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-40869

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menu hover click parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.12 views

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1771-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1771-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: -...

7.8CVSS6.9AI score0.96267EPSS
Exploits230References19
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...

6.1CVSS5.9AI score0.00188EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:18 p.m.5 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.47 views

pac4j 安全漏洞

pac4j is a simple yet powerful Java security engine developed by pac4j OpenSource. It is used to authenticate users, retrieve their configuration files, and manage authorizations, thereby protecting web applications and web services. There were security vulnerabilities in versions of pac4j before...

7CVSS5.9AI score0.00165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.1 views

SUSE SLES15 Security Update : kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1283-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1283-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues The following security issues were fixed: -...

7.8CVSS6.8AI score0.00344EPSS
Exploits7References25
Rows per page
Query Builder