Lucene search
+L

499 matches found

CVE
CVE
added 14 hours ago8 views

CVE-2026-15457

Vulnerability summary (CVE-2026-15457) : The Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is vulnerable to a Directory Traversal in all versions up to and including 6.0.13 via the 'family' parameter . Authenticated attackers with editor-level access or higher can d...

4.9CVSS6.2AI score
Exploits0References10
CVE
CVE
added 3 days ago35 views

CVE-2025-53379

Fortinet FortiAuthenticator is affected by CVE-2025-53379, an out-of-bounds read vulnerability in FortiAuthenticator 6.6.0–6.6.2 and all 6.5 versions. A remote unauthenticated attacker could potentially retrieve sensitive information via a specially crafted request. The CVSSv3.1 vector is NETWORK...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/10 5:41 a.m.9 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/10 4:17 a.m.9 views

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS0.00523EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56404

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.3 Description Stored Cross-Site Scripting XSS occurs in the Event Calendar widget due to insufficient input sanitization and output escaping on event titles sourced from The Events Calendar...

6.4CVSS5.5AI score0.00187EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:46 a.m.8 views

EUVD-2026-40298

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52386

Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 2:6 p.m.20 views

CVE-2026-8683

Mattermost Desktop App

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/10 10:2 p.m.2 views

CVE-2026-53460 ImageMagick: Policy Bypass can trigger out-of-Memory condition

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 a...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/10 9:45 p.m.38 views

CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47935 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.33 views

CVE-2026-47990 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.7 views

CVE-2026-48265 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.12 views

CVE-2026-48266 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.10 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.2AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 12:59 p.m.19 views

CLEANSTART-2026-RE02723 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.5AI score0.01945EPSS
Exploits4References91
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=6.1.0 <=6.2.18)

org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
Rows per page
Query Builder