Lucene search
1014 matches found

EUVD
added 5 days ago, 6 views

EUVD-2025-210356

Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions...

CVSS 5.3, AI score 5.8, EPSS 0.00228
Exploits 0, References 2
CVE
added 5 days ago, 7 views

CVE-2025-66123

The CVE-2025-66123 entry describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress BookPro plugin, versions

CVSS 5.3, AI score 5.8, EPSS 0.00228
Exploits 0, References 1
Patchstack
added 5 days ago, 5 views

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions <= 1.1.0...

CVSS 5.3, AI score 5.8, EPSS 0.00228
Exploits 0, Affected Software 1
Patchstack
added 5 days ago, 7 views

WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WCBoost Products Compare versions <= 1.1.0...

CVSS 5.3, AI score 5.8, EPSS 0.0024
Exploits 0, Affected Software 1
EUVD
added 6 days ago, 3 views

EUVD-2026-39540

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

CVSS 4.2, AI score 5.8, EPSS 0.00119
Exploits 0, References 1
CVE
added 2026/06/22 11:28 a.m., 14 views

CVE-2026-11373

Summary of CVE-2026-11373 (Net::Statsite::Client): The Perl client (versions through 1.1.0) is vulnerable to metric injection because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...

CVSS 9.1, AI score 5.8, EPSS 0.00352
Exploits 0, References 6
CVE
added 2026/06/19 8:12 p.m., 21 views

CVE-2026-49346

CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...

CVSS 7.1, AI score 5.9, EPSS 0.00227
Exploits 1, References 2, Affected Software 1
OSSF Malicious Packages
added 2026/06/19 5:37 p.m., 5 views

Malicious code in free-claude (npm)

Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9. Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...

AI score 5.8
Exploits 0, References 3
OSV
added 2026/06/19 5:37 p.m., 9 views

MAL-2026-6232 Malicious code in free-claude (npm)

Source: amazon-inspector 7e5cf1276f4faf6de26e95f05cc2bb95d90c71473c20e9542c9e88c2d949dfb9. Package name 'free-claude' and author 'anthropic-claude' impersonate Anthropic's Claude product, with a README claiming to install the official Claud...

AI score 5.8
Exploits 0, References 3
Vulnrichment
added 2026/06/17 5:50 p.m., 11 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

CVSS 7.5, AI score 5.3, EPSS 0.00368
Exploits 0, References 4
Debian CVE
added 2026/06/17 5:50 p.m., 5 views

CVE-2026-48818

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

CVSS 7.5, AI score 5.3, EPSS 0.00368
Exploits 0
NVD
added 2026/06/17 1:19 p.m., 8 views

CVE-2025-69141

Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions...

CVSS 8.1, EPSS 0.00348
Exploits 0, References 1
Cvelist
added 2026/06/16 11:35 p.m., 21 views

CVE-2026-48797 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

CVSS 9.3, EPSS 0.00324
Exploits 0, References 2
Positive Technologies
added 2026/06/16 12:00 a.m., 14 views

PT-2026-50132

Name of the Vulnerable Software and Affected Versions: Backpropagate versions 1.1.0 through 1.1.1. Description: The optional Reflex web UI exposes a training control plane without authentication, despite CLI flags --auth and --share suggesting that security controls are active. The Reflex backend...

CVSS 9.3, AI score 6, EPSS 0.00324
Exploits 0, References 8
NVD
added 2026/06/15 8:16 p.m., 7 views

CVE-2026-50878

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5, EPSS 0.00441
Exploits 0, References 1
Positive Technologies
added 2026/06/15 12:00 a.m., 9 views

PT-2026-49319

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request...

AI score 5.3, EPSS 0.00441
Exploits 0, References 2
CVE
added 2026/06/15 12:00 a.m., 15 views

CVE-2026-50878

CVE-2026-50878 affects Feuerhamster MailForm v1.1.0 in its attachment handling component. The issue allows a crafted request to trigger a Denial of Service (DoS). CVSS v3.1 base score 7.5 (HIGH): Network attack vector, no privileges required, no user interaction, and impact limited to availabilit...

CVSS 7.5, AI score 5.3, EPSS 0.00441
Exploits 0, References 1
Cvelist
added 2026/06/15 12:00 a.m., 32 views

CVE-2026-50878

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request...

EPSS 0.00441
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:44 p.m., 8 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) tha...

AI score 5.5, EPSS 0.00409
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:31 p.m., 9 views

CVE-2026-6808

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, AI score 5.7, EPSS 0.00255
Exploits 0, References 1