Lucene search
+L
VulnrichmentRecent

163619 matches found

vulnrichment
vulnrichment
added 2026/06/15 7:15 p.m.7 views

CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.4AI score0.0031EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/15 7:15 p.m.7 views

CVE-2026-52720 Gstreamer1-plugins-bad-free: gstreamer: heap buffer overflow via crafted vnc server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.2AI score0.0053EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.5 views

CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.8 views

CVE-2026-53703 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS5.5AI score0.00228EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.7 views

CVE-2026-52721 Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS5.5AI score0.00107EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.7 views

CVE-2026-53705 Gstreamer1-plugins-good: gstreamer: heap buffer overflow in wavpack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.2AI score0.0031EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/15 7:10 p.m.7 views

CVE-2026-52719 Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds read via jpeg segment length validation in va decoder

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS5.4AI score0.00301EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/15 6:54 p.m.19 views

CVE-2026-41708 Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 6:54 p.m.9 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.7AI score0.00254EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 6:52 p.m.7 views

CVE-2026-48114 Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/15 6:50 p.m.7 views

CVE-2026-49954 Discuz! X5.0 Local File Inclusion via enable_disable.php Plugin Directory

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS6.4AI score0.00525EPSS
Exploits2References3
vulnrichment
vulnrichment
added 2026/06/15 6:45 p.m.7 views

CVE-2026-49953 Discuz! X5.0 CAPTCHA Bypass via Predictable Character Set

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 6:43 p.m.8 views

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS5.6AI score0.0135EPSS
Exploits3References4
vulnrichment
vulnrichment
added 2026/06/15 6:33 p.m.9 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00122EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/15 4:54 p.m.13 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/15 4:24 p.m.7 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:23 p.m.10 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:23 p.m.6 views

CVE-2026-8356 Stack buffer overflow in PPT presentation import

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:22 p.m.9 views

CVE-2026-6047 Heap buffer overflow in OOXML text box element import

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:22 p.m.7 views

CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:21 p.m.9 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.2AI score0.00114EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:21 p.m.11 views

CVE-2026-6039 Heap buffer overflow in DXF polyline import

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS5.6AI score0.00157EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:21 p.m.6 views

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.6AI score0.07683EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2026/06/15 3:17 p.m.8 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.3AI score0.00595EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 3:14 p.m.8 views

CVE-2025-15659 WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

6.5CVSS5.1AI score0.0013EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 3:14 p.m.9 views

CVE-2025-15658 WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

5.9CVSS5.2AI score0.0014EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 3:10 p.m.10 views

CVE-2026-9862 Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.4AI score0.00865EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 3:0 p.m.9 views

CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/15 2:23 p.m.8 views

CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

5.3CVSS5.4AI score0.00278EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/15 2:16 p.m.8 views

CVE-2026-10634 Use-after-free in Zephyr native TCP `net_tcp_foreach()` due to dropping `tcp_lock` during the callback

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

4.8CVSS6.1AI score0.00274EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/06/15 2:6 p.m.9 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 1:56 p.m.13 views

CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/15 1:55 p.m.12 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS5.2AI score0.00187EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 1:3 p.m.9 views

CVE-2025-64215 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 1:1 p.m.10 views

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:58 p.m.10 views

CVE-2026-48969 WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS5.2AI score0.00223EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:52 p.m.8 views

CVE-2026-49111 WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:51 p.m.10 views

CVE-2026-49062 WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS5.2AI score0.0029EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:49 p.m.8 views

CVE-2026-52704 WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8...

10CVSS5.4AI score0.00314EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:47 p.m.7 views

CVE-2026-5242 Code Injection in Mia Technologies' Pizzy Library

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS5.3AI score0.00304EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:42 p.m.10 views

CVE-2026-5233 Missing Rate Limiting in Mia Technologies' Pizzy Library

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00205EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:23 p.m.9 views

CVE-2026-5230 Improper Access Control in Mia Technologies' Pizzy Library

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00174EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 12:2 p.m.9 views

CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.10 views

CVE-2018-25437 WordPress CherryFramework Themes 3.1.4 Backup File Download

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7CVSS5.2AI score0.00287EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2018-25436 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS6AI score0.00661EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.10 views

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS5.3AI score0.00245EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20082 WordPress Plugin Abtest Local File Inclusion via abtest_admin.php

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...

6.9CVSS5.8AI score0.00326EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

8.7CVSS5.4AI score0.00641EPSS
Exploits0References3
Total number of security vulnerabilities163619