Lucene search
K

363767 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

6.5CVSS0.00465EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-24547

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2025-68074

Contributor Cross Site Scripting XSS in Image Carousel = 1.0.0.41 versions...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2025-68063

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...

7.5CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2025-68064

Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...

7.5CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2025-68052

Unauthenticated Cross Site Request Forgery CSRF in Eagle Booking = 1.3.4.3 versions...

8.8CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2025-66123

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2025-68075

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2025-64637

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2025-63079

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2025-63078

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2025-64636

Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...

5.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2025-63041

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.8 views

CVE-2026-57926

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack...

9.8CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.7 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

5.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.10 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.9 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

7.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.9 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

5.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.14 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

5.3CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.6 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

7.5CVSS0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.12 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

9.8CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:17 p.m.8 views

CVE-2026-13426

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 1:16 p.m.7 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS0.0022EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 1:16 p.m.8 views

CVE-2026-57915

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

7.3CVSS0.00321EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 1:16 p.m.10 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS0.00954EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 1:16 p.m.9 views

CVE-2025-55017

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

9.1CVSS0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 1:16 p.m.13 views

CVE-2025-64152

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 p.m.9 views

CVE-2026-57914

By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

6.5CVSS0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 p.m.11 views

CVE-2026-57620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8...

6.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.10 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57912

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

7.5CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.12 views

CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.8 views

CVE-2025-7958

A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...

8.5CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 10:16 a.m.8 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS0.00309EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 9:16 a.m.8 views

CVE-2026-11702

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

7.5CVSS0.00292EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57881

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...

9.8CVSS0.00376EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.9 views

CVE-2026-57872

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

7.5CVSS0.00969EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.9 views

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.9 views

CVE-2026-57878

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS0.00531EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.7 views

CVE-2026-57880

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by...

9.8CVSS0.0053EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.10 views

CVE-2026-57875

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS0.01266EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.8 views

CVE-2026-57876

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.10 views

CVE-2026-57877

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.8 views

CVE-2026-57879

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...

9.8CVSS0.0053EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.7 views

CVE-2026-49486

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

7.5CVSS0.00264EPSS
Exploits0References3
Total number of security vulnerabilities363767