Lucene search
+L

421 matches found

Patchstack
Patchstack
added 2026/03/23 12:30 p.m.7 views

WordPress KIDZ theme <= 5.24 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme KIDZ versions = 5.24...

9.8CVSS5.8AI score0.00375EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/03/20 9:39 p.m.29 views

CVE-2026-33171 Statamic has a path traversal in file dictionary fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

4.3CVSS0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 8:25 p.m.3 views

CVE-2026-33155 DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 1:35 a.m.2 views

CVE-2026-32875 UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent...

7.5CVSS6.1AI score0.00469EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft Studio. Vulnerabilities existed in versions of Craft CMS from 4.0.0-RC1 to 4.17.6, as well as in versions 5.0.0-RC1 to 5.9.12. These vulnerabilities stemmed from a potential exploit where low-privilege users or unverified...

9.8CVSS5.8AI score0.0773EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/09 1:59 p.m.5 views

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

8.8CVSS5.7AI score0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28103

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows Reflected XSS.This issue affects LBG Zoominoutslider: from n/a through = 5.4.5...

5.9AI score0.0018EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/04 9:31 a.m.9 views

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.1)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15426350...

8.8CVSS6AI score0.0078EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: negative file sizes are now rejected in squashfsread inode. Syskaller reports a “WARNING in ovlcopyupfile” in overlayfs. This warning occurs because the underlying Squashfs file system returns a file with a negative...

6AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Digital Arts FinalCode Client 安全漏洞

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts Inc. The Digital Arts FinalCode Client Ver.5 series and Ver.6 series contain security vulnerabilities. These vulnerabilities stem from incorrect default permissions, which...

8.5CVSS7.3AI score0.0012EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:45 a.m.5 views

CVE-2026-27129

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS5.3AI score0.00427EPSS
Exploits2References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.7 views

CVE-2026-25368

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through = 5.4.4.1...

6.5CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.6 views

CVE-2026-25388

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through = 5.0...

5.4CVSS5.5AI score0.00209EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/20 8:12 a.m.9 views

WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...

5.4CVSS5.4AI score0.00209EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 7:42 a.m.4 views

CVE-2026-26370

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser...

6.1CVSS5.3AI score0.00193EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 8:30 p.m.9 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...

8.1CVSS5.4AI score0.0028EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin WpEvently 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.8AI score0.00383EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/18 1:19 p.m.8 views

WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WpEvently versions = 5.1.1...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/16 7:17 a.m.6 views

CVE-2026-2543

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. T...

5.1CVSS0.00271EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

Craft CMS 代码问题漏洞

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.0.0-RC1 to 4.16.17, and from 5.0.0-RC1 to 5.8.21 of Craft CMS. These vulnerabilities stem from the IP address validation function’s inability to recognize alternate...

6.9CVSS5.9AI score0.00359EPSS
Exploits1References3
Rows per page
Query Builder