Lucene search
+L

390 matches found

patchstack
patchstack
added 6 days ago6 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability discovered by Michael Iden Mickhat in WordPress Plugin NEX-Forms versions = 9.2.2...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/06/30 8:50 p.m.22 views

CVE-2026-11594

CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 2:16 p.m.9 views

CVE-2026-47153

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/23 12:53 a.m.8 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/22 2:46 p.m.4 views

CVE-2026-9006

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...

7.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/17 10:54 a.m.17 views

CVE-2026-46905

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

9.8CVSS0.00483EPSS
Exploits0References1
ibm
ibm
added 2026/06/16 3:21 p.m.5 views

Security Bulletin: IBM WebSphere Application Server is affected by an authentication bypass vulnerability (CVE-2026-10845)

Summary IBM WebSphere Application Server is affected by a an authentication bypass when a JAX-WS application is deployed. Vulnerability Details CVEID:CVE-2026-10845 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to...

7.3CVSS5.4AI score0.00337EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/16 2:33 p.m.7 views

GHSA-7Q4V-2MR6-5GPX Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.8CVSS5.7AI score0.00388EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/15 8:19 p.m.9 views

CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...

7.1CVSS5.1AI score0.00145EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.10 views

Open XDMoD 操作系统命令注入漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions 9.5.0 to 11.0.2 of Open XDMoD contain a vulnerability related to operating system command injection. This vulnerability allows attackers to remotely...

9.8CVSS5.8AI score0.00388EPSS
Exploits1References4
euvd
euvd
added 2026/06/01 5:49 p.m.15 views

EUVD-2026-33735

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

9CVSS6.4AI score0.00508EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 5:49 p.m.12 views

CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

9CVSS6.4AI score0.00508EPSS
Exploits0References1
ibm
ibm
added 2026/05/29 9:0 a.m.10 views

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)

Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS7.1AI score0.00691EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/05/28 7:28 p.m.17 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2026-8834, CVE-2026-8852, CVE-2026-8856, CVE-2026-8850, CVE-2026-8854, CVE-2026-8855, CVE-2026-8835,...

9.8CVSS5.9AI score0.00488EPSS
Exploits1Affected Software1
cve
cve
added 2026/05/27 2:54 a.m.32 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/05/26 6:16 p.m.24 views

CVE-2026-8856

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

9.1CVSS0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/26 4:56 p.m.39 views

CVE-2026-8856 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

7.7CVSS0.00197EPSS
Exploits0References1
cve
cve
added 2026/05/26 4:56 p.m.24 views

CVE-2026-8856

IBM HTTP Server 8.5 and 9.0 are affected by CVE-2026-8856, a denial-of-service condition triggered when an attacker with write access to parts of the server configuration can consume resources. The IBM Security Bulletin lists this CVE among multiple vulnerabilities in IBM HTTP Server (bundled wit...

9.1CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/05/26 4:54 p.m.15 views

EUVD-2026-31894

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References1
Rows per page
Query Builder