Lucene search
K

2028 matches found

EUVD
EUVD
added 2026/06/18 12:56 p.m.7 views

EUVD-2026-37885

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.8 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 12:56 p.m.19 views

CVE-2026-54221

UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...

5.1CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:56 p.m.18 views

CVE-2026-54220

CVE-2026-54220 : uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms, confirmed in version 7.7.5 and possibly earlier. The flaw allows an attacker to trick an authenticated user into performing unintended actions. The CVSS metrics indicate high ...

8.6CVSS5.2AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 12:56 p.m.16 views

CVE-2026-54220 Cross-Site Request Forgery in UBB.threads

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:53 a.m.9 views

CVE-2026-46768

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS0.0015EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.8 views

CVE-2026-35275

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Shared Folders. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 10:8 a.m.5 views

RHSA-2026:26306 Red Hat Security Advisory: redis:7 security update

Bulletin has no description...

8.8CVSS5.3AI score0.02995EPSS
Exploits4References19
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.30 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50123

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

7.1CVSS5.2AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49902

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...

6CVSS5.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36979

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36973

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.5 views

CVE-2026-40790

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

6.5CVSS0.00326EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:6 p.m.3 views

GHSA-84G9-W2XQ-VCV6 React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...

3.1CVSS5.4AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49360

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS5.2AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49344

Name of the Vulnerable Software and Affected Versions FV Flowplayer Video Player versions prior to 7.5.51.7212 Description Cross Site Scripting XSS is possible for users with the Subscriber role. This issue allows an attacker to inject malicious scripts into web pages viewed by other users...

6.5CVSS5.1AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 7:16 p.m.13 views

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.8CVSS0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 10:7 a.m.7 views

RHSA-2026:25219 Red Hat Security Advisory: redis:7 security update

Bulletin has no description...

8.8CVSS5AI score0.02995EPSS
Exploits4References19
Rows per page
Query Builder