Lucene search
K

363779 matches found

NVD
NVD
added 2026/06/17 3:16 p.m.12 views

CVE-2026-10850

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

6.9CVSS0.00165EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 3:16 p.m.13 views

CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS0.00567EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 3:16 p.m.13 views

CVE-2024-47477

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning...

6.5CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:18 p.m.9 views

CVE-2026-55738

A stack-based buffer overflow exists in the rawtoheader function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...

8.8CVSS0.00635EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 2:18 p.m.10 views

CVE-2026-9591

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

6.9CVSS0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-54813

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-54817

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-54816

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-54818

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-54815

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.15 views

CVE-2026-54819

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-54814

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-54193

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

7.7CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-54417

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-52707

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS0.00428EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-52716

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.26 views

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS0.00494EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-49108

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.18 views

CVE-2026-40756

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-40752

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.7 views

CVE-2026-40733

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-40738

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.13 views

CVE-2026-40757

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-39559

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-39590

Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-40720

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-39576

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-39560

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-39556

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2026-39442

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-39523

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-39445

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-10641

Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...

7.1CVSS0.00282EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-69170

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-69174

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-69166

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69175

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69189

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69157

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69144

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69164

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69158

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.7 views

CVE-2025-69140

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2025-69126

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2025-69128

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6CVSS0.0046EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS0.00482EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 2:17 p.m.8 views

CVE-2025-69115

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Total number of security vulnerabilities363779