Lucene search
K

150 matches found

CVE
CVE
added 2026/04/07 8:57 a.m.12 views

CVE-2026-34903

The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as a Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...

5.4CVSS5.9AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 9:23 p.m.4 views

EUVD-2026-16870

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 4:58 p.m.24 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...

6.5CVSS0.00398EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.10 views

Tabs Mail Carrier 缓冲区错误漏洞

Tabs Mail Carrier is an email server software for email sending and mailing list management developed by the Tabs company. Version 2.5.1 of Tabs Mail Carrier contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the MAIL FROM SMTP command, which could allow a...

9.8CVSS6.4AI score0.00912EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.9 views

JIZHICMS 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. JIZHICMS versions 2.5.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by insufficient input cleaning in the publish function of the app/home/c/UserController.php file,...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

File Thingie 安全漏洞

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from the improper handling of the function for creating folders from URLs. This vulnerability may lead to directory traversal attacks...

4.3CVSS5.8AI score0.00612EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Jenkins 安全漏洞

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.554 and earlier, as well as LTS 2.541.2 and earlier, have security vulnerabilitie...

8.8CVSS6.1AI score0.01161EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/16 2:19 p.m.8 views

CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

6.5CVSS6.8AI score0.00252EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...

8.1CVSS5.9AI score0.00415EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.9...

5.4AI score0.00344EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/19 8:44 p.m.7 views

Pannellum has a XSS vulnerability in hot spot attributes

Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...

6.1CVSS6.1AI score0.00319EPSS
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.9 views

Booked Scheduler 2.5.15 Cross Site Request Forgery

A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...

5.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/27 6:43 p.m.5 views

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...

3.7CVSS5.9AI score0.00447EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 9:40 p.m.6 views

EUVD-2026-3773

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

8.5CVSS5.6AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/17 4:34 a.m.4 views

CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS5.5AI score0.00535EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/11 11:15 a.m.6 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS5.5AI score0.00165EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.6 views

SUSE CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.2AI score0.00185EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/02 6:44 p.m.5 views

EUVD-2026-0757

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.6 views

emlog 安全漏洞

emlog is emlog open source a set of PHP and MySQL based CMS website building system. A security vulnerability exists in version 2.5.23 of emlog, the vulnerability stems from the administrator can set the control item, which may lead to users can not be edited or deleted after posting articles...

5.1CVSS6.6AI score0.00204EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/31 11:6 a.m.7 views

CVE-2025-69023

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through = 2.5.7...

4.3CVSS7AI score0.00152EPSS
Exploits0References1
Rows per page
Query Builder