Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56564

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user can receive messages on denied subjects. This occurs when a wildcard subscription overlaps with a...

6.5CVSS6.1AI score0.00465EPSS
Exploits0References12
OSV
OSV
added 2026/03/24 8:55 p.m.5 views

CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/26 12:25 a.m.3 views

SUSE CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References4
NVD
NVD
added 2025/12/21 4:16 a.m.5 views

CVE-2025-13220

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

6.4CVSS0.0021EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/10/13 11:7 a.m.8 views

WordPress Web Accessibility By accessiBe plugin <= 2.10 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Web Accessibility By accessiBe versions = 2.10...

4.3CVSS6.8AI score0.00151EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 3:5 p.m.9 views

CVE-2025-26357

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests...

4.9CVSS6.6AI score0.00728EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 2:15 p.m.6 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

6.5CVSS5.8AI score0.01034EPSS
Exploits0References1
OSV
OSV
added 2021/07/26 9:21 p.m.2 views

GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

9.8CVSS7.3AI score0.02931EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/11/16 12:0 a.m.5 views

Nugmubs ChronoForms Cross-Site Scripting Vulnerability

Nugmubs ChronoForms is a plugin from the individual developers of Nugmubs for providing discussion functionality to Joomla. A cross-site scripting vulnerability exists in Nugmubs ChronoForms version 2.0.11, which originates when inserting a crafted payload into a post. If any user sees the post,...

6.1CVSS6.3AI score0.00799EPSS
Exploits0References2
Rows per page
Query Builder