Lucene search
K

573 matches found

Cvelist
Cvelist
added 6 hours ago2 views

CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...

7.1CVSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56204

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...

9.8CVSS6AI score0.0041EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added last week6 views

CVE-2026-55798

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6AI score0.00136EPSS
Exploits1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 10:17 a.m.3 views

RHSA-2026:34362 Red Hat Security Advisory: postgresql:12 security update

Bulletin has no description...

8.8CVSS6.8AI score0.00668EPSS
Exploits0References23
EUVD
EUVD
added 2026/06/30 7:42 p.m.6 views

EUVD-2026-40393

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 1:23 p.m.5 views

WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...

9.8CVSS5.8AI score0.00336EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57878

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS6.4AI score0.00531EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49908

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory version 12.2.1.4.0 Oracle Unified Directory version 14.1.2.1.0 Description An issue exists in the OUD Core component of the Oracle Unified Directory product of Oracle Fusion Middleware. An unauthenticated attacker with...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49907

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory versions 12.2.1.4.0 Oracle Unified Directory versions 14.1.2.1.0 Description An issue in the OUD Core component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via LDAP Lightweight...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 1:47 p.m.11 views

EUVD-2026-36246

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/11 6:23 a.m.22 views

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

6.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 12:43 p.m.7 views

CVE-2026-52759 Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 12:39 p.m.8 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

NSA Ghidra 路径遍历漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.2 of NSA Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from IsfServer not verifying the namespace strin...

6.5CVSS5.4AI score0.00457EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/09 3:39 p.m.34 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47814

Name of the Vulnerable Software and Affected Versions NETGEAR Orbi 370 series versions prior to V12.1.2.7 Description A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...

7.5CVSS6AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34302

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Loader. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the...

5.5CVSS7.3AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder