Lucene search
K

472 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42564

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS0.00691EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References14
CVE
CVE
added 2026/06/26 1:8 p.m.15 views

CVE-2026-57940

CVE-2026-57940 affects HTMLy 3.1.1 and describes an SSRF in the RSS feed import. The vulnerable code path is get_feed() in system/admin/admin.php, which passes user-supplied feed_url directly to file_get_contents() without validation. An authenticated admin can exploit this by supplying a crafted...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.13 views

CVE-2026-56054

CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions &lt;= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52435

Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.1.2 Description Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 3:53 p.m.36 views

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS0.00247EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/11 3:53 p.m.9 views

EUVD-2026-36266

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

6.4CVSS5.5AI score0.00247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.23 views

PT-2026-48676

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.1 Description An issue exists where a user can obtain superuser privileges by creating a JSON document containing malicious code within a specific key-value pair. This occurs when a superuser execute...

7.5CVSS5.5AI score0.00247EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.12 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/29 12:0 a.m.7 views

OPENSUSE-SU-2026:10889-1 distribution-registry-3.1.1-3.1 on GA media

These are all security issues fixed in the distribution-registry-3.1.1-3.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.8AI score0.00781EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: sphinx (UTSA-2026-016628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016628 advisory. SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL...

7.5CVSS7AI score0.02166EPSS
Exploits2References4
Patchstack
Patchstack
added 2026/05/20 3:45 p.m.15 views

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/20 12:0 a.m.9 views

distribution-registry-3.1.1-1.1 on GA media (moderate)

distribution-registry-3.1.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10812-1 Rating: moderate Cross-References: CVE-2026-41888 CVSS scores: CVE-2026-41888 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2026-41888 SUSE : 6.3...

6.5CVSS5.8AI score0.00294EPSS
Exploits1
OSV
OSV
added 2026/05/19 12:0 a.m.8 views

OPENSUSE-SU-2026:10812-1 distribution-registry-3.1.1-1.1 on GA media

These are all security issues fixed in the distribution-registry-3.1.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 6:16 p.m.24 views

DEBIAN-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.22 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/14 4:53 p.m.42 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS0.00294EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 4:53 p.m.25 views

CVE-2026-41888

CVE-2026-41888 affects the Distribution toolkit (prior to v3.1.1). The issue is that DELETE /v2//manifests/ can bypass storage.delete.enabled: false, letting API clients remove tags from repositories even when deletion is disabled. Impact: unauthorized tag deletions. Remediation: upgrade to v3.1....

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder