Lucene search
+L

5 matches found

CVE
CVE
added 2026/03/20 8:27 a.m.13 views

CVE-2026-33071

CVE-2026-33071 concerns FileRise, a self-hosted web file manager/WebDAV server. Affected versions prior to 3.8.0 allow WebDAV uploads to bypass the filename validation enforced by the regular upload path, since createFile() and put() accept filenames directly from the WebDAV client without valida...

8.8CVSS6.1AI score0.00621EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/03 6:46 a.m.4 views

CVE-2026-1874

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...

8.7CVSS5.4AI score0.00421EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/01/30 3:11 p.m.7 views

EUVD-2026-5025

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames email addresses. In packages/core/src/config/auth/native-authentication-strategy.t...

6.9CVSS5.9AI score0.00364EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/18 2:38 p.m.4 views

CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting XSS vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...

7.7CVSS6.2AI score0.00371EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.7 views

PT-2023-16896 · WordPress · Easy Forms For Mailchimp

Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.8 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted in the...

6.1CVSS6.3AI score0.00559EPSS
Exploits2References6
Rows per page
Query Builder