Lucene search
K

140 matches found

NVD
NVD
added 13 hours ago2 views

CVE-2026-57383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through = 3.2.9...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS0.00191EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 11:53 a.m.2 views

SUSE-SU-2026:22293-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
CVE
CVE
added 2026/06/01 5:49 p.m.27 views

CVE-2026-40989

CVE-2026-40989 affects Spring Cloud Function lineages (3.2.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x) with older/unsupported versions also impacted. The issue is an infinite recursion in the routing layer that can cause an Out-Of-Memory (OOM) condition during request handling. The root cause is not fully dis...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-43664

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly: from n...

9.9CVSS5.8AI score0.00336EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Wireshark

In Wireshark versions 3.2.0 to 3.2.4, the GVCP dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-gvcp.c file by ensuring that the offset increased in all situations...

7.5CVSS7.2AI score0.03101EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/13 1:17 p.m.10 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by JongHwan Shin in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.8...

5.8AI score0.00237EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/08 9:26 a.m.39 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS0.00244EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38333

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description An integer overflow exists in the ImageChannel::resize function, which can lead to a heap out-of-bounds OOB write—a...

8.8CVSS5.9AI score0.00355EPSS
Exploits1References34
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

GRASSMARLIN 代码问题漏洞

GRASSMARLIN is an open-source network security posture awareness tool for industrial control systems developed by the NSA Cybersecurity Directorate. Version GRASSMARLIN v3.2.1 contains a code vulnerability. This vulnerability stems from insufficient hardening of the XML parsing process, which may...

5.5CVSS6.1AI score0.00197EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/09 12:31 p.m.9 views

Apache Airflow: JWT token still valid after logout

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

9.1CVSS5.8AI score0.00667EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Theme Editor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.6CVSS5.8AI score0.00143EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.10 views

Fedora 42 : freerdp (2026-53fe996a57)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-53fe996a57 advisory. Update to 3.23.0 to fix CVE-2026-26965, CVE-2026-26955, CVE-2026-26271, CVE-2026-25997, CVE-2026-25959, CVE-2026-25955, CVE-2026-25954,...

9.8CVSS5.9AI score0.00599EPSS
Exploits10References12
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.6 views

CVE-2025-70048

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.2 views

PT-2026-24070

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2...

5.8AI score0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 6:30 a.m.4 views

EUVD-2026-9626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through = 3.2.4...

5.9AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 10:16 a.m.8 views

UBUNTU-CVE-2026-3388

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

5.5CVSS5.2AI score0.00166EPSS
Exploits1References7
OSV
OSV
added 2026/02/27 1:16 p.m.8 views

SUSE-SU-2026:20616-1 Security update for haproxy

This update for haproxy fixes the following issues: - Update to version 3.2.12+git0.6011f448e - CVE-2026-26081: Fixed a DOS vulnerability in QUIC. bsc1257976 - CVE-2026-26080: Fixed a DOS vulnerability in QUIC. bsc1257976...

5.8AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.4 views

CVE-2026-26201

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...

7.5CVSS5.5AI score0.00291EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/18 6:24 p.m.7 views

CVE-2026-2659

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument targetstack can lead to out-of-bounds read. It is possible to launch the attack o...

7.8CVSS5.5AI score0.00213EPSS
Exploits1References6
Rows per page
Query Builder