Lucene search
K

364820 matches found

NVD
NVD
•added 2026/06/10 8:16 a.m.•13 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.002EPSS
Exploits0References8
NVD
NVD
•added 2026/06/10 8:16 a.m.•13 views

CVE-2026-8853

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS0.00201EPSS
Exploits0References6
NVD
NVD
•added 2026/06/10 8:16 a.m.•12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•26 views

CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

9.1CVSS0.00426EPSS
Exploits1References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•17 views

CVE-2026-29115

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

6.9CVSS0.00362EPSS
Exploits2References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•15 views

CVE-2026-29116

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

8.7CVSS0.00395EPSS
Exploits3References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•12 views

CVE-2026-9060

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

3.5CVSS0.00138EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•15 views

CVE-2026-8071

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

8.8CVSS0.00296EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•20 views

CVE-2026-3326

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS0.00282EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•15 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

2.3CVSS0.0019EPSS
Exploits1References1
NVD
NVD
•added 2026/06/10 7:16 a.m.•13 views

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS0.00147EPSS
Exploits0References2
NVD
NVD
•added 2026/06/10 7:16 a.m.•18 views

CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS0.00317EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 5:16 a.m.•12 views

CVE-2026-26241

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

9.1CVSS0.00318EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 5:16 a.m.•12 views

CVE-2026-26240

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

9.1CVSS0.00318EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 5:16 a.m.•21 views

CVE-2026-11837

A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...

7.3CVSS0.00161EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 5:16 a.m.•16 views

CVE-2025-8444

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00155EPSS
Exploits0References2
NVD
NVD
•added 2026/06/10 4:17 a.m.•15 views

CVE-2026-26239

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

8.7CVSS0.00292EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•10 views

CVE-2026-26237

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS0.00322EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•12 views

CVE-2026-24720

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

6.5CVSS0.0028EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•14 views

CVE-2026-24719

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS0.00977EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•14 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•16 views

CVE-2026-22899

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

6.5CVSS0.0028EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•16 views

CVE-2026-24716

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

7.2CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•14 views

CVE-2026-24717

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

6.5CVSS0.00392EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•19 views

CVE-2025-66281

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

7.2CVSS0.00456EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•14 views

CVE-2026-22893

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS0.00988EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•12 views

CVE-2025-66279

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS0.01049EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•16 views

CVE-2025-66273

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS0.01049EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•14 views

CVE-2025-66280

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

7.2CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•11 views

CVE-2025-62851

A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License...

6.9CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 4:17 a.m.•16 views

CVE-2025-62850

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

7.2CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 3:16 a.m.•17 views

CVE-2025-58468

A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...

5.1CVSS0.00184EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 3:16 a.m.•13 views

CVE-2025-59382

QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...

5.1CVSS0.00288EPSS
Exploits1References1
NVD
NVD
•added 2026/06/10 3:16 a.m.•14 views

CVE-2025-66276

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later...

9.8CVSS0.0029EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 2:16 a.m.•15 views

CVE-2026-45542

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS0.00325EPSS
Exploits0References7
NVD
NVD
•added 2026/06/10 2:16 a.m.•13 views

CVE-2026-46532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrcparsvendorcmd in components/bt/host/bluedroid/stack/avrc/avrcparstg.c. This issue has been patched ...

4.6CVSS0.00228EPSS
Exploits0References7
NVD
NVD
•added 2026/06/10 2:16 a.m.•15 views

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS0.00439EPSS
Exploits0References7
NVD
NVD
•added 2026/06/10 2:16 a.m.•16 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS0.00117EPSS
Exploits0References4
NVD
NVD
•added 2026/06/10 2:16 a.m.•11 views

CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS0.00246EPSS
Exploits0References7
NVD
NVD
•added 2026/06/10 2:16 a.m.•12 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS0.00126EPSS
Exploits0References7
NVD
NVD
•added 2026/06/10 1:16 a.m.•14 views

CVE-2026-46546

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

5.4CVSS0.00136EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 1:16 a.m.•15 views

CVE-2026-44634

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

8.7CVSS0.00333EPSS
Exploits0References4
NVD
NVD
•added 2026/06/10 12:16 a.m.•10 views

CVE-2026-53675

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...

5.3CVSS0.00193EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•13 views

CVE-2026-53673

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...

8.6CVSS0.00294EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-53674

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS0.00288EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-46545

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...

7.5CVSS0.00339EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS0.00259EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•14 views

CVE-2026-46541

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handledhtget, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...

7.5CVSS0.00346EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•13 views

CVE-2026-46543

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS0.00291EPSS
Exploits0References3
NVD
NVD
•added 2026/06/10 12:16 a.m.•11 views

CVE-2026-46539

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS0.0015EPSS
Exploits0References3
Total number of security vulnerabilities364820