
368547 matches found

CVE | added 2 days ago | 10 views

CVE-2026-4321

CVE-2026-4321 describes a SQL injection in Raera’s Destekz product (Destekz: through 02062026). Root cause: improper neutralization of special elements used in SQL commands. Impacted properties include confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Exploitation details fr...

CVSS 9.8 | AI score 6 | EPSS 0.00266
Exploits 0 | References 1

CVE | added 2 days ago | 13 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...

CVSS 5.3 | AI score 6 | EPSS 0.0016
Exploits 0 | References 1

CVE | added 2 days ago | 11 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

CVSS 5.3 | AI score 6 | EPSS 0.00338
Exploits 0 | References 10

CVE | added 2 days ago | 9 views

CVE-2026-9756

CVE-2026-9756 (GenerateBlocks for WordPress): The WordPress GenerateBlocks plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Headline Block’s dynamic link attribute (linkMetaFieldType) in all versions up to 2.2.1. Root cause: insufficient input sanitization and output escaping ...

CVSS 6.4 | AI score 6.1 | EPSS 0.00215
Exploits 0 | References 8

CVE | added 2 days ago | 9 views

CVE-2026-4804

The Zakra WordPress theme (

CVSS 6.4 | AI score 6.1 | EPSS 0.00187
Exploits 0 | References 2

CVE | added 2 days ago | 9 views

CVE-2026-11900

The CVE-2026-11900 entry concerns the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads up to version 2.8.16. It is vulnerable to an Insecure Direct Object Reference via the shortcodes’ data attribute. The replace_ai_tags() function processes a {reusable-block-N} pattern by calling get_post...

CVSS 4.3 | AI score 6 | EPSS 0.00273
Exploits 0 | References 10

CVE | added 2 days ago | 11 views

CVE-2026-11778

The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...

CVSS 5.4 | AI score 6.3 | EPSS 0.00255
Exploits 0 | References 4

CVE | added 2 days ago | 14 views

CVE-2026-47896

The CVE-2026-47896 entry concerns Apache Lucene.Net.Replicator. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00017, with a fix in 4.8.0-beta00018. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. The CVE record on C...

CVSS 8.9 | AI score 5.9 | EPSS 0.00479
Exploits 0 | References 2

CVE | added 2 days ago | 14 views

CVE-2026-47897

CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but not including, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...

CVSS 8.9 | AI score 5.9 | EPSS 0.00385
Exploits 0 | References 2

CVE | added 2 days ago | 12 views

CVE-2026-47898

CVE-2026-47898 is an XXE vulnerability in Apache Lucene.Net, specifically in the Lucene.Net.Analysis.Common library. Affected versions are 4.8.0-beta00005 up to, but not including, 4.8.0-beta00018. The root cause is improper restriction of XML External Entity references. Successful exploitation could arise fr...

CVSS 4 | AI score 5.9 | EPSS 0.00134
Exploits 0 | References 2

CVE | added 2 days ago | 14 views

CVE-2026-8804

The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...

CVSS 6.7 | AI score 5.9 | EPSS 0.00082
Exploits 0 | References 1

CVE | added 2 days ago | 20 views

CVE-2026-14544

CVE-2026-14544 concerns HPLIP (HP Linux Imaging and Printing Software) with an integer overflow in the hpcups processing path when handling specially crafted print data. This is described as an incomplete fix for CVE-2026-8631. The vulnerability may allow a remote attacker to escalate privileges ...

CVSS 9.8 | AI score 6.2 | EPSS 0.00511
Exploits 0 | References 2

CVE | added 2 days ago | 9 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

CVSS 7.2 | AI score 6.1 | EPSS 0.00305
Exploits 0 | References 11

CVE | added 2 days ago | 7 views

CVE-2026-9230

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress

CVSS 4.3 | AI score 6 | EPSS 0.00312
Exploits 0 | References 14

CVE | added 2 days ago | 9 views

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

CVSS 6.4 | AI score 6.1 | EPSS 0.00245
Exploits 0 | References 9

CVE | added 2 days ago | 11 views

CVE-2026-51535

Technical details for CVE-2026-51535 are not publicly available in the provided documents. No affected products, versions, or fixes are listed. Monitor for updates.

Exploits 0 | References 1

CVE | added 2 days ago | 12 views

CVE-2026-9547

CVE-2026-9547 describes an SSH host-validation flaw in libcurl: when a libcurl-based application uses SCP/SFTP with CURLOPT_SSH_KEYFUNCTION, a host key type mismatch may be silently accepted, allowing a connection to succeed without warning and enabling potential man-in-the-middle attacks. The is...

AI score 6 | EPSS 0.00187
Exploits 0 | References 3

CVE | added 2 days ago | 14 views

CVE-2026-9546

CVE-2026-9546 details (libcurl): A vulnerability causes the HTTP Referer header to persist after CURLOPT_REFERER is set to NULL, due to failure to clear internal per-handle state. As a result, the previous referrer can be reused in subsequent requests, potentially leaking sensitive data to uninten...

AI score 5.9 | EPSS 0.00206
Exploits 0 | References 3

CVE | added 2 days ago | 14 views

CVE-2026-9545

CVE-2026-9545 describes an information-disclosure in curl/libcurl when using HTTP/3 early data with a cached SSL session. In the scenario, a site is initially served by a legitimate HTTP/3 server, but on a second transfer to the same hostname the connection is constructed to a counterfeit host (i...

AI score 5.9 | EPSS 0.00134
Exploits 0 | References 3

CVE | added 2 days ago | 19 views

CVE-2026-9080

CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from a socket callback (CURLMOPT_SOCKETFUNCTION). The event-path code re-enters the eviction/assessment flow and may free the associated sh_entry; the fix added a post-callback re-fetch of that entry in mev_sh...

AI score 5.9 | EPSS 0.00206
Exploits 0 | References 3