Lucene search
K
VulnrichmentRecent

161693 matches found

Vulnrichment
Vulnrichment
•added 2026/06/29 3:23 p.m.•8 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

5.8AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 3:19 p.m.•7 views

CVE-2026-13742 Lack of signature verification before execution of downloaded content

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 3:15 p.m.•6 views

CVE-2026-13581 Edimax EW-7478APC POST Request formStaDrvSetup os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/29 3:0 p.m.•9 views

CVE-2026-13580 Edimax EW-7478APC POST Request formQoS buffer overflow

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...

9CVSS7.5AI score0.00445EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/29 2:45 p.m.•10 views

CVE-2026-13579 itsourcecode Hospital Management System patientchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 2:34 p.m.•12 views

CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

5.9AI score0.00228EPSS
Exploits3References1
Vulnrichment
Vulnrichment
•added 2026/06/29 2:31 p.m.•9 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.02912EPSS
Exploits4References1
Vulnrichment
Vulnrichment
•added 2026/06/29 2:30 p.m.•10 views

CVE-2026-13578 itsourcecode Hospital Management System patientdetail.php sql injection

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 2:19 p.m.•7 views

CVE-2026-55844 Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...

7.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 2:15 p.m.•4 views

CVE-2026-13574 llvm llvm-project Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2026/06/29 2:4 p.m.•10 views

CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 2:3 p.m.•18 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 2:0 p.m.•9 views

CVE-2026-13573 llvm llvm-project ValueSymbolTable ValueSymbolTable.cpp insert stack-based overflow

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...

4.8CVSS6AI score0.00124EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2026/06/29 1:47 p.m.•7 views

CVE-2026-56124 phpUploader < 2.0.2 Unauthenticated Database Exposure via index model

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 1:45 p.m.•5 views

CVE-2026-13572 itsourcecode Hospital Management System insertbillingrecord.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•5 views

CVE-2026-57341 WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS5.8AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•9 views

CVE-2026-57340 WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•9 views

CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•8 views

CVE-2026-57338 WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•10 views

CVE-2026-57337 WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Landing Page Builder = 1.5.3.5 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•9 views

CVE-2026-57336 WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•6 views

CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•12 views

CVE-2026-57334 WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•11 views

CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•9 views

CVE-2026-57332 WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•11 views

CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•21 views

CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS5.8AI score0.00344EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•6 views

CVE-2026-57329 WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•9 views

CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•8 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•11 views

CVE-2026-57326 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:36 p.m.•15 views

CVE-2026-57320 WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:30 p.m.•10 views

CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 1:22 p.m.•14 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/29 1:21 p.m.•12 views

CVE-2026-11979 Stack-Based Buffer Overflow in libxml2

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow intern...

1.8CVSS6.7AI score0.00148EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/29 1:18 p.m.•11 views

CVE-2026-56457 HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/29 1:15 p.m.•14 views

CVE-2026-13570 SourceCodester Inventory Management System User Registration Endpoint users_handler.php cross site scripting

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/29 1:0 p.m.•11 views

CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2026/06/29 12:45 p.m.•7 views

CVE-2026-13568 SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/29 12:39 p.m.•6 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/29 12:38 p.m.•10 views

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/29 12:37 p.m.•11 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/29 12:33 p.m.•13 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 12:30 p.m.•6 views

CVE-2026-40521 FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS6.6AI score0.00627EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 12:30 p.m.•8 views

CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 12:29 p.m.•9 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 12:29 p.m.•9 views

CVE-2026-40523 FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 12:27 p.m.•5 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/29 12:15 p.m.•5 views

CVE-2026-13566 SourceCodester Class and Exam Timetabling System preview3.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2026/06/29 12:0 p.m.•9 views

CVE-2026-13565 SourceCodester Class and Exam Timetabling System edit_class1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
Total number of security vulnerabilities161693