Lucene search
+L

8103 matches found

Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00164EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60198

Name of the Vulnerable Software and Affected Versions Penpot versions prior to 2.14.5 Description An issue exists where invitation tokens from create-team-invitations in teams invitations.clj are exposed. Additionally, an existing profile id is embedded in prepare-register-profile within auth.clj...

9.9CVSS5.3AI score0.00283EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-15713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-15713

This CVE affects Libsoup’s HTTP/2 implementation. The issue is a memory leak where memory context blocks are not properly released under specific stream termination conditions (e.g., window exhaustion or explicit stream resets). A remote, unauthenticated attacker acting as a malicious network pee...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 4 days ago3 views

CVE-2026-49788 HTTP/2 Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-49788

CVE-2026-49788 : An HTTP/2 denial-of-service vulnerability due to unbounded resource allocation allows an unauthenticated network attacker to exhaust resources and disrupt service. CVSSv3.1 base score 7.5 (HIGH); vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No product/vendor/version details are p...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-51105

Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OPSERVERMESSAGE Handler...

7.5CVSS0.00318EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

HTTP/2 Denial of Service Vulnerability

Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00797EPSS
Exploits0
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43606

OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...

9.8CVSS6.1AI score0.00379EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-51105

CVE-2026-51105 affects aMULE-Project’s aMule 2.3.3. The root cause is a Buffer Overflow in the OP_SERVERMESSAGE Handler, enabling a remote attacker over the network with no user interaction to cause a denial of service. The CVSS indicates Network access, low complexity, no privileges, and a High ...

7.5CVSS6.1AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-57702

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.4.2...

9.3CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 5 days ago15 views

CVE-2026-57772

CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...

8.5CVSS6.1AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00313EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago27 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

0.00379EPSS
Exploits0References2
CVE
CVE
added 5 days ago18 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder