Lucene search
+L

201 matches found

OSV
OSV
added 4 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root

Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
CVE
CVE
added 2026/07/06 10:49 p.m.9 views

CVE-2026-53643

FOSSBilling (free/open-source billing and client management system) is affected in versions prior to 0.8.0. The vulnerability arises from a combination of a can_always_access module flag that grants broad access to certain modules and insufficient permission checks or unsafe parameter handling on...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 10:30 p.m.16 views

CVE-2026-53640

CVE-2026-53640 (FOSSBilling) affects the FOSSBilling project prior to version 0.8.0, where low-privileged staff could read sensitive data via admin API endpoints that lack proper authorization checks on read operations. The issue contrasts with write endpoints that have fine-grained permissions, ...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:38 a.m.37 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.15 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12090

The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.39 views

CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 2:25 p.m.40 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/21 10:45 p.m.7 views

CVE-2026-12814

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

6.5CVSS6.1AI score0.01182EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/15 2:16 p.m.15 views

CVE-2026-52704

Improper Control of Generation of Code 'Code Injection' vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8...

10CVSS0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.14 views

CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:2 p.m.31 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:46 p.m.9 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 12:46 p.m.41 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 2:0 a.m.13 views

EUVD-2026-33535

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/26 11:54 a.m.37 views

CVE-2026-8479

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...

6.9CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:5 p.m.27 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...

7.5CVSS6.6AI score0.01258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.18 views

PT-2026-41388

Name of the Vulnerable Software and Affected Versions NukeViet CMS versions prior to 4.5.08 Description Stored Cross-Site Scripting XSS occurs due to insufficient server-side input sanitization in the Request class. The application relies on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References6
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.24 views

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5087065)

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5087065...

5.8AI score
Exploits0
Rows per page
Query Builder