Lucene search
K

2730 matches found

EUVD
EUVD
added 4 days ago17 views

EUVD-2026-34067

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References3
Nuclei
Nuclei
added 6 days ago77 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

8.8CVSS7.7AI score0.99077EPSS
Exploits24References5
OSV
OSV
added 2026/07/06 9:17 a.m.4 views

EEF-CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56038

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A low-privileged staff account can grant arbitrary module permissions to itself, leading to persistent privilege escalation. A user possessing the staff.create and edit staff permission can call...

8.5CVSS6AI score0.0024EPSS
Exploits0References5
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-27657 Gitea email settings allow changing another user's primary email address

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

7.5CVSS5.9AI score0.00345EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54390

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Cast allows a remote attacker who has compromised the renderer process to perform privilege escalation via a crafted HTML page...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39740

Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-51041

Name of the Vulnerable Software and Affected Versions Branda plugin for WordPress versions prior to 3.4.30 Description The plugin is susceptible to privilege escalation through account takeover. This occurs because the software fails to properly validate a user's identity before updating a...

9.8CVSS6AI score0.00625EPSS
Exploits1References13
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37662

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

8.6CVSS5.1AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37657

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS5.7AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:55 p.m.9 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:16 p.m.15 views

CVE-2026-34902

Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...

7.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-36870

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

7.5CVSS5.2AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References7
CVE
CVE
added 2026/06/12 6:11 p.m.16 views

CVE-2026-47236

CVE-2026-47236 affects the Solidtime open‑source time-tracking app prior to version 0.12.2. The root cause is insufficient access control in the Jetstream-backed team page: invitations:view and members:view permissions gate the official APIs, but the Jetstream page authorizes access with only bel...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.42 views

Spring Framework 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 SSRF

The version of Spring Framework installed on the remote host is 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by a vulnerability: - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL strin...

6.5CVSS5.3AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 5:16 p.m.11 views

EUVD-2026-36087

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:15 p.m.11 views

EUVD-2026-36081

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...

5.7CVSS5.5AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:0 a.m.10 views

CVE-2026-11572

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

8.8CVSS5.9AI score0.01057EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/05 3:17 p.m.5 views

CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS5.6AI score0.00277EPSS
Exploits1References1
Rows per page
Query Builder