Lucene search
K

5805 matches found

CVE
CVE
added yesterday13 views

CVE-2026-15509

Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...

6.5CVSS6.2AI score
Exploits0References5
Nuclei
Nuclei
added yesterday77 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.04015EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday61 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.5AI score0.0357EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday190 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

7.5CVSS7AI score0.0333EPSS
Exploits1References3
CVE
CVE
added 3 days ago8 views

CVE-2026-59155

Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-39123

SiYuan: Stored XSS to RCE via CSS-snippet breakout in renderSnippet...

9.9CVSS6.1AI score0.00307EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-13430

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References8
NVD
NVD
added 5 days ago9 views

CVE-2026-56297

FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcmanchannelclose and dvcmancallonreceive due to improper synchronization of channelcallback access. A malicious RDP server can trigger a race condition by sending DYNVCDATA and DYNVCCLOSE messages concurrently, causing...

8.3CVSS0.00281EPSS
Exploits1References2
CVE
CVE
added 5 days ago13 views

CVE-2026-6740

CVE-2026-6740 affects the Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress. The vulnerability is a Stored XSS via the ‘commentIcon’ block attribute, caused by insufficient input sanitization and output escaping. It affects all versions up to and including 4...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210440

The Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's seedprodnestedmenuwidget shortcode in all versions up to, and including, 6.20.2 due to insufficient input...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2025-53830

Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery SSRF. This corresponds to versions of ownCloud 10 prior to 10.15.3. Upgrade...

9.1CVSS0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 7:44 p.m.2 views

GHSA-GVJC-3W7C-92JX Zebra has sync restart poisoning from single unauthenticated peer via above-lookahead block

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections and is syncing or catching up to the chain tip. Summary A malicious peer can answer Zebra's outbound getblocks/FindBlocks request with a small two-hash inventory, then ser...

5.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.37 views

CVE-2026-57749 WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability

Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...

7.5CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 11:58 a.m.9 views

EUVD-2026-40952

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

7.1CVSS5.9AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40651

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00174EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.19 views

EUVD-2026-40591

Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00092EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40465

Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

6.2AI score0.00366EPSS
Exploits0References3
Talos
Talos
added 2026/07/01 12:0 a.m.9 views

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...

8.8CVSS5.9AI score0.00227EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13903

Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00345EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.6 views

CVE-2026-14130

Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00202EPSS
Exploits0
Rows per page
Query Builder