Lucene search
K
RedhatcveRecent

206514 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

6.1CVSS5.4AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS5.6AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.17 views

CVE-2026-5392

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

5.4CVSS5.4AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

5.5CVSS5.7AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5082

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

5.3CVSS5.4AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

2.3CVSS5.4AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.4AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5834

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

4.8CVSS3.9AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5987

A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler...

5.8CVSS5.1AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

5.3CVSS4.1AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-5222

A flaw was found in rust-cargo. The Cargo tool, used for managing Rust projects, incorrectly handled the URLs of third-party registries when using the sparse index protocol. This vulnerability could allow an attacker, who is able to publish packages in a registry, to obtain sensitive credentials...

6.5CVSS5.3AI score0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.3CVSS5.5AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5803

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5840

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.4AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

6.5CVSS6.3AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.13 views

CVE-2026-5999

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor...

6.5CVSS6AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.15 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.5AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5306

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

5.4CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.3CVSS5.4AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6.1CVSS5.7AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-5171

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49361

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS5.5AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.5AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5823

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowedtoolreport.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.4AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.13 views

CVE-2026-5559

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS5.7AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5812

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...

5.5CVSS5.6AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5838

A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed...

5.8CVSS5.5AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-49941

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

7.5CVSS5.4AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49433

The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...

5CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-49380

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

6.1CVSS5.4AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5836

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

4.8CVSS3.6AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

6.5CVSS5.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.20 views

CVE-2026-1272

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

4.3CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS5.5AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS5.3AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.1AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-1248

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

4.3CVSS5.4AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

5.8CVSS5.1AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS3.9AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10529

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS3.5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.1AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-49370

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...

7.5CVSS5.4AI score0.0023EPSS
Exploits0References1
Total number of security vulnerabilities206514