Lucene search
K
RedhatcveRecent

206580 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•12 views

CVE-2026-5377

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

4.3CVSS5.5AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-5427

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

5.3CVSS5.4AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-5829

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

7.5CVSS7AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•12 views

CVE-2026-5300

Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...

9.1CVSS5.5AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-5508

The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•19 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.6AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS5.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-49053

Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•10 views

CVE-2026-5841

A weakness has been identified in Tenda i3 1.0.0.62204. The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could b...

9.8CVSS6.9AI score0.00632EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-49323

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

4.3CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•10 views

CVE-2026-5302

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

8.1CVSS5.6AI score0.00261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-5234

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...

5.3CVSS5.5AI score0.00689EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

6.5CVSS5.4AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•10 views

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

6.5CVSS5.4AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•10 views

CVE-2026-49138

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

5.3CVSS5.6AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•12 views

CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-5962

A vulnerability was detected in Tenda CH22 1.0.0.6468. This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used...

9.8CVSS7AI score0.00537EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

4.3CVSS5.4AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-5296

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

4.3CVSS5.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•12 views

CVE-2026-5926

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an...

6.5CVSS5.4AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•11 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.4AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:35 p.m.•10 views

CVE-2026-49059

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...

4.7CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.4AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS5.5AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-49378

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•12 views

CVE-2026-49052

Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS5.6AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.5AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-49325

Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module WCM wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via...

4.6CVSS5.5AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49379

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names...

6.5CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

4.3CVSS5.4AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

6.1CVSS5.5AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-49140

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-49382

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

7.8CVSS6AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-49047

Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27...

4.3CVSS5.4AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

6.5CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-49782

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

5.4CVSS5.4AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•13 views

CVE-2026-49045

Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-1677

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

5.3CVSS5.4AI score0.00243EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•13 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS5.5AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

6.5CVSS5.5AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-1930

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pageoptionsajaxdisconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•11 views

CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

5.7CVSS5.5AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•10 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5.6AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.4AI score0.00134EPSS
Exploits0References1
Total number of security vulnerabilities206580