455048 matches found

CVE
added yesterday, 6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1, AI score 6.3
Exploits: 0, References: 4

EUVD
added yesterday, 9 views

EUVD-2026-33278

Mautic has an Authorization Bypass in API v2 Endpoints...

CVSS 7.1, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 2

EUVD
added yesterday, 5 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

CVSS 7.6, AI score 5.8
Exploits: 0, References: 3

CVE
added yesterday, 7 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

CVSS 8.1, AI score 6.5
Exploits: 0, References: 6

EUVD
added yesterday, 10 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

CVSS 7.5, AI score 5.8, EPSS 0.00448
Exploits: 0, References: 3

NVD
added yesterday, 6 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

CVSS 6.3
Exploits: 0, References: 5

NVD
added yesterday, 5 views

CVE-2026-50281

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1
Exploits: 0, References: 2

NVD
added yesterday, 6 views

CVE-2026-58455

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

CVSS 9.8
Exploits: 0, References: 2

Cvelist
added yesterday, 7 views

CVE-2026-50281 Craft CMS: Mass assignment via id in newAttributes during bulk duplicate overwrites existing elements

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1
Exploits: 0, References: 2

EUVD
added yesterday, 4 views

EUVD-2026-41409

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1, AI score 5.9
Exploits: 0, References: 2

Cvelist
added yesterday, 7 views

CVE-2026-44941 libzypp path traversal via "keyhint" in repomd.xml

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

CVSS 8.4
Exploits: 0, References: 2

EUVD
added yesterday, 3 views

EUVD-2026-41404

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

CVSS 10, AI score 5.9
Exploits: 0, References: 1

NVD
added yesterday, 5 views

CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

CVSS 9.8
Exploits: 0, References: 1

NVD
added yesterday, 5 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

CVSS 9.8
Exploits: 0, References: 2

NVD
added yesterday, 5 views

CVE-2026-4772

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

CVSS 5.4
Exploits: 0, References: 1

Cvelist
added yesterday, 10 views

CVE-2026-4772 Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

CVSS 5.4
Exploits: 0, References: 1

CVE
added yesterday, 8 views

CVE-2026-4772

CVE-2026-4772 describes a stored cross-site scripting vulnerability in TR7 Cyber Defense Inc. WAF-ASP. Affected versions range from v1.0.324.900 up to, but not including, v1.4.0.117. The issue arises from improper neutralization of input during web page generation. The CVE is confirmed by multipl...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

EUVD
added yesterday, 5 views

EUVD-2026-41370

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

NVD
added yesterday, 5 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

CVSS 6.5
Exploits: 0, References: 1

NVD
added yesterday, 6 views

CVE-2026-57761

Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...

CVSS 7.1
Exploits: 0, References: 1