Lucene search
K

473 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42846

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
CVE
CVE
added 2026/06/30 10:38 p.m.20 views

CVE-2026-13937

CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.2AI score0.00578EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.30 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 8:16 a.m.11 views

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.00231EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

9.8CVSS6.6AI score0.00625EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:48 p.m.11 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 4:50 p.m.16 views

EUVD-2026-32970

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 9:16 p.m.15 views

UBUNTU-CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS0.00174EPSS
Exploits0References9
CVE
CVE
added 2026/05/14 3:27 a.m.24 views

CVE-2026-7525

The CVE pertains to WordPress plugin My Calendar – Accessible Event Manager (versions ≤ 3.7.9). It describes an authorization bypass: authenticated users with custom-level access can tamper with the POST body (e.g., event_approved) to publish events or set statuses (cancelled, private) beyond the...

4.3CVSS5.8AI score0.00341EPSS
Exploits0References12
CVE
CVE
added 2026/05/13 5:4 p.m.56 views

CVE-2026-44579

Next.js vulnerability CVE-2026-44579 affects Next.js releases prior to 15.5.16 and 16.2.5 where Partial Prerendering via Cache Components can cause a connection-exhaustion DoS through crafted POST requests to a server action. A malicious request may trigger a request-body handling deadlock, leavi...

7.5CVSS5.8AI score0.00546EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Inbox Zero 信息泄露漏洞

Inbox Zero is an AI email assistant developed by Elie Steinbock. It automatically organizes the inbox, drafts responses, and manages schedules. Versions of Inbox Zero prior to 2.29.3 had a vulnerability related to information leakage. This vulnerability stemmed from the use of shared Redis...

4.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/16 7:24 p.m.28 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

8.6CVSS0.00405EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities, which were caused by improper handling of special elements in LDAP queries. These vulnerabilities could lead to...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin ProSolution WP Client 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.3AI score0.00578EPSS
Exploits1References3
NVD
NVD
added 2026/04/06 7:16 a.m.5 views

CVE-2026-5632

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

7.5CVSS0.00414EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.5 views

Kaleris Yard Management Solutions 安全漏洞

Kaleris Yard Management Solutions is a management system developed by the American company Kaleris, designed to optimize the scheduling of station vehicles and logistics operations. Version 7.2.2.1 of Kaleris Yard Management Solutions contains a security vulnerability. This vulnerability stems fr...

9.8CVSS5.8AI score0.00382EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Dataease SQLBot 代码问题漏洞

Dataease SQLBot is a robot plugin developed by Dataease as open source. Versions of Dataease SQLBot 1.6.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations with the getesdatabyhttp function parameters in the ElasticSearch Handler component located...

5.8CVSS5.9AI score0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.3 views

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References1
Rows per page
Query Builder