Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
•added 2026/06/25 4:34 a.m.•5 views

CVE-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 4:34 a.m.•4 views

CVE-2026-8330 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 4:33 a.m.•6 views

CVE-2026-10712 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path...

8CVSS6.1AI score0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 4:33 a.m.•6 views

CVE-2026-11379 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS5.8AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 4:33 a.m.•7 views

CVE-2026-12053 Insertion of Sensitive Information into Log File in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

8.6CVSS5.8AI score0.00328EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 4:33 a.m.•6 views

CVE-2026-12635 Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

5.9AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 3:42 a.m.•8 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 3:42 a.m.•9 views

CVE-2026-12077 Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 3:42 a.m.•7 views

CVE-2026-10833 Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/25 3:42 a.m.•7 views

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:56 a.m.•8 views

CVE-2026-8658 OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:51 a.m.•7 views

CVE-2026-8662 Path Traversal in Rapid7 InsightConnect Compression Plugin

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:35 a.m.•8 views

CVE-2026-8666 OS Command Injection in Rapid7 InsightConnect Traceroute Plugin

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:32 a.m.•6 views

CVE-2026-8592 OS Command Injection in Rapid7 InsightConnect AWK Plugin

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:28 a.m.•24 views

CVE-2026-8664 OS Command Injection in Rapid7 InsightConnect Finger Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 a.m.•6 views

CVE-2026-8665 OS Command Injection in Rapid7 InsightConnect Translate Plugin

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:52 a.m.•7 views

CVE-2026-8660 OS Command Injection in Rapid7 InsightConnect Ping Plugin

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:33 a.m.•7 views

CVE-2026-57589

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

7.4CVSS5.8AI score0.00116EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 12:33 a.m.•8 views

CVE-2026-9153 Arbitrary File Read in Rapid7 InsightConnect Sed Plugin

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS6AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:29 a.m.•7 views

CVE-2026-9154 Arbitrary File Write in Rapid7 InsightConnect Sed Plugin

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS6AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:25 a.m.•8 views

CVE-2026-9155 OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS6.2AI score0.00916EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:7 a.m.•21 views

CVE-2026-8659 OS Command Injection in Rapid7 InsightConnect SQLmap Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•5 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

5.8AI score0.00262EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•6 views

CVE-2026-38637

An issue in the pthreadrwlockattrsetpshared function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted input...

5.8AI score0.00446EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•5 views

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...

5.8AI score0.00398EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•4 views

CVE-2026-37149

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/searchproducts.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.8AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•9 views

CVE-2025-60465

A use-after-free in the gffilterpidinstswap function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.8AI score0.00135EPSS
Exploits1References5
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•6 views

CVE-2025-60464

A use-after-free in the gfseiloadfromstateinternal function /filters/seiload.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 TS file...

5.8AI score0.00144EPSS
Exploits1References5
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•7 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

5.8AI score0.00446EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/25 12:0 a.m.•6 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

5.8AI score0.00398EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:56 p.m.•8 views

CVE-2026-8663 OS Command Injection in Rapid7 InsightConnect RPM Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/24 11:26 p.m.•5 views

CVE-2026-40079 Cacti: Command Injection via escape_command() no-op in RRDtool execution

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS5.8AI score0.01113EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:15 p.m.•5 views

CVE-2026-7569 Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS6.8AI score0.0067EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:15 p.m.•12 views

CVE-2026-9787 Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.01373EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:15 p.m.•6 views

CVE-2026-9786 Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•6 views

CVE-2026-9785 Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•10 views

CVE-2026-9784 Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•4 views

CVE-2026-39951 Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS5.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•6 views

CVE-2026-9783 Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•5 views

CVE-2026-9782 Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:14 p.m.•5 views

CVE-2026-9781 Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:13 p.m.•7 views

CVE-2026-9780 Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS6.8AI score0.0067EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:13 p.m.•5 views

CVE-2026-7570 Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 11:6 p.m.•6 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS5.9AI score0.00456EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 10:49 p.m.•6 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 10:41 p.m.•5 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/24 10:37 p.m.•8 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 10:33 p.m.•7 views

CVE-2026-39899 Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 10:0 p.m.•7 views

CVE-2026-39897 Cacti has a Reflected XSS Vulnerability via html_auth_footer

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/24 9:55 p.m.•4 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.7AI score0.00104EPSS
Exploits0References3
Total number of security vulnerabilities161701