Lucene search
K

4556 matches found

The Hacker News
The Hacker News
added 5 days ago7 views

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it say...

9.8CVSS7AI score0.95076EPSS
Exploits2
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-57246

Name of the Vulnerable Software and Affected Versions HestiaCP versions prior to 1.9.5 Description An authenticated OS command injection allows low-privilege users to execute arbitrary commands as root. The issue stems from insufficient input validation in the is dns record format valid function...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69156

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69155

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.11 views

CVE-2025-69156

CVE-2025-69156 details unauthenticated Cross Site Scripting in the WordPress Kids Zone – Children WordPress Theme, affected Versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.33 views

CVE-2025-69156 WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:14 a.m.6 views

EUVD-2025-210407

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.14 views

CVE-2025-69155

CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.34 views

CVE-2025-69155 WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-54969

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-54968

Name of the Vulnerable Software and Affected Versions Fitness Zone WordPress Theme versions prior to 5.8 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to inject malicious scripts into web pages viewed by other users. Recommendations Update Fitness...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References4
Circl
Circl
added 2026/06/30 5:55 p.m.11 views

CVE-2026-9263

creationtimestamp| type| source ---|---|--- 2026-06-30 17:55:03+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpjl45ebsn2t...

8.1CVSS5.8AI score0.00201EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/30 1:26 p.m.5 views

WordPress Fitness Zone WordPress Theme theme <= 6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fitness Zone WordPress Theme versions = 6.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/30 1:25 p.m.6 views

WordPress Kids Zone - Children WordPress Theme theme <= 6.9 - Cross Site Scripting (XSS) vulnerability

WordPress Kids Zone - Children WordPress Theme theme = 6.9 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kids Zone - Children WordPress Theme versions = 6.9...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.7 views

CVE-2026-12244

A flaw was found in nsd. When nsd is configured as a secondary server for a zone, a remote attacker, acting as the primary server for that zone, can send a specially crafted DNS message within an AXFR Asynchronous Full Zone Transfer request. This message, containing a malformed SVCB Service Bindi...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.6 views

CVE-2026-12490

A flaw was found in nsd. When a 'provide-xfr' is configured with a 'tls-auth-name', the server incorrectly allows zone transfers without requiring a client certificate if the request comes over TLS on the regular 'tls-port' or over TCP on the regular port, provided other access control conditions...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References3
NVD
NVD
added 2026/06/28 2:16 a.m.51 views

CVE-2026-58052

7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39972

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.39 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Rows per page
Query Builder