Lucene search
+L
VulnrichmentRecent

163939 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 2:27 p.m.12 views

CVE-2025-67862

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...

6.7CVSS5.6AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:27 p.m.10 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS5.7AI score0.36135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:27 p.m.2 views

CVE-2026-49938

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:16 p.m.11 views

CVE-2026-10523

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

9.9CVSS5.7AI score0.4719EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:10 p.m.13 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.3AI score0.99041EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:4 p.m.12 views

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.10 views

CVE-2026-47901 Iframe escape by plugins in Logseq

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS5.8AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.9 views

CVE-2026-47900 Stored XSS via Unsanitized Plugin Metadata in Logseq

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

4.6CVSS5.7AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.9 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.9 views

CVE-2026-9279 Shell command injection in Logseq

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

8.7CVSS6.7AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:11 p.m.9 views

CVE-2026-11792 389-ds-base: 389-ds-base: heap buffer overflow in audit log password masking (create_masked_entry_string)

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 1:11 p.m.9 views

CVE-2026-11793 389-ds-base: 389-ds-base: stack buffer overflow in checkprefix() algorithm id parsing

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

4.9CVSS5.7AI score0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:9 p.m.9 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.10 views

CVE-2026-11789 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

4.9CVSS5.7AI score0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.11 views

CVE-2026-11788 389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

5.9CVSS5.5AI score0.00346EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.11 views

CVE-2026-11787 389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

5CVSS5.7AI score0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 12:57 p.m.16 views

CVE-2026-11786 389-ds-base: 389-ds-base: heap out-of-bounds read in ldif parser str2entry_state_information_from_type()

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

1.9CVSS5.6AI score0.0016EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 12:57 p.m.11 views

CVE-2026-11785 389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

4.3CVSS5.3AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 12:24 p.m.12 views

CVE-2026-7486 SQLi in Netcad's E-İmar

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2...

9.8CVSS5.6AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:54 a.m.12 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.20 views

CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

9.8CVSS6.1AI score0.00559EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.17 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.18 views

CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.13 views

CVE-2017-20247 WordPress Plugin PICA Photo Gallery 1.0 SQL Injection

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.13 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS5.7AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.14 views

CVE-2017-20244 Wow Forms WordPress Plugin 2.1 SQL Injection

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.14 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.13 views

CVE-2017-20243 WordPress Car Park Booking Plugin SQL Injection via space_id

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.3 views

CVE-2016-20065 Product Catalog 8 1.2 Plugin WordPress SQL Injection

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

8.8CVSS6.3AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.9 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.10 views

CVE-2016-20063 Single Personal Message 1.0.3 WordPress Plugin SQL Injection

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

7.1CVSS6AI score0.00221EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.10 views

CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:21 a.m.10 views

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 10:54 a.m.11 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:54 a.m.9 views

CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS6.2AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.9 views

CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS6.2AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.9 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS6.1AI score0.00356EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.11 views

CVE-2026-47352 TYPO3 CMS - Broken Access Control in Backend API

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:52 a.m.12 views

CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

5.3CVSS5.6AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:52 a.m.10 views

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:51 a.m.8 views

CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:51 a.m.7 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score0.00269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:51 a.m.7 views

CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...

5.3CVSS5.5AI score0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:50 a.m.12 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:49 a.m.9 views

CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS5.5AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:48 a.m.11 views

CVE-2026-11607 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6.3AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 9:51 a.m.11 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:33 a.m.8 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.4AI score0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 9:28 a.m.11 views

CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 9:23 a.m.19 views

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

5.4AI score0.0053EPSS
Exploits0References1
Total number of security vulnerabilities163939