Lucene search
K
RedhatcveRecent

206577 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•13 views

CVE-2026-7430

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS5.6AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7272

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

7.5CVSS6.8AI score0.00424EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•8 views

CVE-2026-7784

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...

7.5CVSS6.7AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•8 views

CVE-2026-7636

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.4AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•9 views

CVE-2026-7788

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

7.5CVSS6.8AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•8 views

CVE-2026-7205

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function searchpapers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly...

7.5CVSS7AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7555

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS6.7AI score0.00356EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•14 views

CVE-2026-7384

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

7.5CVSS7AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•9 views

CVE-2026-7061

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.9AI score0.01353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

5.1CVSS5.7AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-34860

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

6.5CVSS5.5AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•9 views

CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-34671

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

6.2CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•9 views

CVE-2026-34859

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

7.1CVSS5.4AI score0.00077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-34679

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

6.2CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•12 views

CVE-2026-34600

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

5.7CVSS5.4AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7070

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•12 views

CVE-2026-34266

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft component: Absence Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

6.5CVSS7.3AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-34213

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

5.4CVSS5.5AI score0.0017EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•11 views

CVE-2026-34284

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

6.1CVSS7.3AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-34688

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

6.2CVSS5.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•14 views

CVE-2026-34899

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...

5.3CVSS5.4AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•8 views

CVE-2026-7519

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...

7.5CVSS6.6AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•8 views

CVE-2026-7159

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-7618

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.7AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•14 views

CVE-2026-34064

nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...

8.2CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•9 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS5.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•7 views

CVE-2026-34068

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...

6.8CVSS5.4AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34680

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

6.2CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34257

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34662

Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•13 views

CVE-2026-34280

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Job Profile Manager. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

6.5CVSS7.3AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•11 views

CVE-2026-34325

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker...

6.8CVSS7.4AI score0.0011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•11 views

CVE-2026-34019

When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. Note: Software versions which have reached...

6.3CVSS5.5AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34127

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS5.1AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34855

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.7CVSS5.4AI score0.0011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34321

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attack...

4.8CVSS7.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•12 views

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.5AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•11 views

CVE-2026-34288

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager...

5.9CVSS7.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•9 views

CVE-2026-34864

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability...

6.8CVSS5.4AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•8 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.4AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34307

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Workflow. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

5.4CVSS7.3AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34666

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service...

6.2CVSS5.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•11 views

CVE-2026-34082

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS5.5AI score0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:38 p.m.•10 views

CVE-2026-34837

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

5.3CVSS5.5AI score0.0018EPSS
Exploits0References1
Total number of security vulnerabilities206577