Lucene search
K
VulnrichmentRecent

161699 matches found

Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.5 views

CVE-2026-54844 WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.5 views

CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54843 WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in MDTF = 1.3.7 versions...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.5 views

CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54830 WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.7 views

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.9 views

CVE-2026-54823 WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.9 views

CVE-2026-54821 WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.8 views

CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.6 views

CVE-2026-27366 WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:12 p.m.15 views

CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:1 p.m.6 views

CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

5.9CVSS5.8AI score0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:1 p.m.5 views

CVE-2026-42390 ZONEMD validation can be bypassed

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:59 p.m.5 views

CVE-2026-42388 Missing input validation for catalog zones

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS5.8AI score0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:59 p.m.6 views

CVE-2026-42387 Insufficient input validation in ZoneToCache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

5.9CVSS5.8AI score0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:58 p.m.7 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:58 p.m.5 views

CVE-2026-33612 ZoneToCache can poison the cache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...

7.5CVSS5.8AI score0.00119EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:24 p.m.9 views

CVE-2026-42004 EDNS options smuggling

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:23 p.m.6 views

CVE-2026-40211 Denial of service via crafted DoH3 queries

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:23 p.m.7 views

CVE-2026-40210 Out-of-bounds read in SetMacAddrAction

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...

4.8CVSS5.9AI score0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:23 p.m.8 views

CVE-2026-40209 Denial of service via IXFR queries

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:22 p.m.6 views

CVE-2026-40208 Denial of service via DoH3 queries

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 12:22 p.m.6 views

CVE-2026-40011 Prometheus denial of service via crafted DNS queries

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 11:57 a.m.7 views

CVE-2026-42005 Insufficient input validation of internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3CVSS5.9AI score0.00479EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:45 a.m.5 views

CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

8.2CVSS5.9AI score0.00422EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:44 a.m.5 views

CVE-2026-56130 Apache Shiro: Remember-me cookie isn't checked for expiry on the server

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:4 a.m.6 views

CVE-2026-41566 Apache Kvrocks: Improper permission for the APPLYBATCH command

Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

9.4CVSS5.8AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:1 a.m.6 views

CVE-2026-45188 Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

2.4CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:1 a.m.5 views

CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

5.5CVSS5.8AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 8:0 a.m.12 views

CVE-2026-46752 Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

10CVSS5.9AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 7:59 a.m.5 views

CVE-2026-54226 Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 7:3 a.m.7 views

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 6:51 a.m.6 views

CVE-2026-12937 Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS6AI score0.00304EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/25 6:0 a.m.6 views

CVE-2026-5305 Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

5.8AI score0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 6:0 a.m.6 views

CVE-2026-9702 InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

5.9AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 6:0 a.m.7 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

5.8AI score0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 5:24 a.m.6 views

CVE-2026-12490 Bypass of client certificate verification with transfer over TLS

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 5:24 a.m.7 views

CVE-2026-12246 Out of bounds stack write with crafted APL RR

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

7.2CVSS5.9AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 5:24 a.m.5 views

CVE-2026-12245 Denial of DNS over TLS service by any DoT client

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 5:24 a.m.6 views

CVE-2026-12244 Heap overflow and crash with crafted SVCB RR

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 5:3 a.m.5 views

CVE-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:48 a.m.5 views

CVE-2026-13311 shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 4:35 a.m.8 views

CVE-2026-0934 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.5 views

CVE-2026-1606 Improper Control of Generation of Code ('Code Injection') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...

4.3CVSS5.9AI score0.00223EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.5 views

CVE-2026-2238 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.6 views

CVE-2026-3176 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.6 views

CVE-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.5 views

CVE-2026-5796 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.5 views

CVE-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 4:34 a.m.4 views

CVE-2026-8330 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2
Total number of security vulnerabilities161699