Lucene search
K
VulnrichmentRecent

161986 matches found

Vulnrichment
Vulnrichment
added 3 hours ago5 views

CVE-2026-60121 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via ping.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a double-evaluation flaw in shell argument handling. The endpoint applies escapeshellarg to the...

9.8CVSS6.3AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago4 views

CVE-2026-40553 Stack-based buffer overflow in gawk

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

5.1CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-40469 Heap buffer overflow in gawk

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

5.1CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-40468 Heap buffer overflow in gawk

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

2.1CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-40467 Use after free in gawk

Use After Free vulnerability has been found in "io.c" program file of gawk dogetlineredir routine. This issue may lead to a crash. It affects gawk in versions 5.4.0 and below...

5.1CVSS6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago5 views

CVE-2026-15559 CodeAstro Simple Online Leave Management System POST accept.php sql injection

A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Performing a manipulation of the argument appid results in sql injection. The attack is possible to be...

6.5CVSS6.5AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-62147 Tempo-operator: tempo operator: query rbac bypass

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces...

6.5CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-15558 CodeAstro Simple Online Leave Management System deletemp.php sql injection

A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

6.5CVSS6.5AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-12257 Remote code execution in Mura Software’s CMS

Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution RCE vulnerability. The flaw is located in the endpoint “/index.cfm/api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion...

9.3CVSS6.7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-6541 Unscoped updates to other playbooks' metric configuration

Mattermost versions 11.7.x = 11.7.1, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a...

4.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-9820 Mattermost schemes teams endpoint exposes private team invite IDs

Mattermost versions 11.7.x = 11.7.2, 10.11.x = 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API...

3.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-9824 Remote cluster metadata enumeration via /share-channel autocomplete

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-14934 Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tena...

9.4CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-4765 Stored Cross-Site Scripting (XSS) in Tallos Chat by RD Station Conversas

Stored Cross-Site Scripting XSS vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the...

5.1CVSS6.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-13014 Remote Code Execution vulnerability in "Suspicious" application

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-14846 Incorrect neutralisation in the PrestaShop firmware

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-22097 Missing firmware validation allows remote code execution

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22098 Sensitive information is written to logs

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS6.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-22100 Comnand injection in OCPP ReserveLogin message

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago2 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-61977 WordPress JetSearch plugin <= 3.6.1.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57805 WordPress Tonda theme <= 2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-59516 WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-61955 WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago4 views

CVE-2026-61985 WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago4 views

CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-61976 WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-57745 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-59518 WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57741 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57771 WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-59515 WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-61975 WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57789 WordPress Aqua theme <= 5.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Aqua aqua allows PHP Local File Inclusion.This issue affects Aqua: from n/a through = 5.1.2...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-57779 WordPress Fascinate theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57773 WordPress Advanced Shipment Tracking for WooCommerce plugin <= 4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57795 WordPress Kitchor theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57801 WordPress SetSail theme <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 2.1...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57781 WordPress MeetingHub plugin <= 1.25.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through = 1.25.10...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago3 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-57787 WordPress CWS SVGicons plugin <= 1.5.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...

8.5CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities161986