Lucene search
K

370190 matches found

CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-13468

The CVE-2026-13468 affects the WordPress plugin Visualizer – Tables & Charts Manager with Built-in AI Generator, vulnerable in all versions up to 4.0.3. The root cause is missing authorization checks for actions on the plugin’s REST endpoint /wp-json/visualizer/v1/action/{chart}/{type}/, allowing...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-13731

CVE-2026-13731 affects the WPBot – AI ChatBot for WordPress plugin (versions up to and including 8.4.9). The vulnerability is a stored Cross‑Site Scripting (XSS) via the conversation parameter caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbi...

7.2CVSS5.9AI score0.00524EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12904

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress (versions ≤ 3.7.7) is affected by an Insecure Direct Object Reference. The root cause is a mismatch between the authorization object and the object actually accessed in Optimize_Rest_Controller endpoints (create_...

4.3CVSS5.8AI score0.00293EPSS
Exploits0References20
CVE
CVE
added 2026/07/01 3:43 a.m.14 views

CVE-2026-12133

Summary: The JoomSport – for Sports: Team & League, Football & more plugin for WordPress (up to version 5.7.8) is vulnerable to Missing Authorization to Arbitrary Group Deletion via the joomsport_season_groupdel() AJAX handler. The issue arises from a missing capability check; the handler only ve...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.14 views

CVE-2026-13246

The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
CVE
CVE
added 2026/07/01 3:33 a.m.45 views

CVE-2026-7840

CVE-2026-7840 (UltraVNC repeater) : A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...

9.8CVSS6.6AI score0.01439EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-7839

UltraVNC repeater up to version 1.8.2.2 contains a hardcoded default admin password that is written during first run when settings2.txt is absent. Specifically, repeater/webgui/settings.c assigns the literal string "adminadmi2" to saved_password (64 bytes) and the HTTP Basic-auth handler wi_decod...

9.1CVSS5.8AI score0.00374EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.18 views

CVE-2026-7838

UltraVNC viewer up to 1.8.2.2 is affected by an integer overflow leading to a heap buffer overflow in the RFB failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte reasonLen field is used as reasonLen+1 in CheckBufferSize(); with unsigned 32-bit operands, reasonLen 0xFFFFFF...

8.8CVSS6.6AI score0.01403EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.19 views

CVE-2026-7831

UltraVNC viewer

7.6CVSS6.1AI score0.00525EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.16 views

CVE-2026-7830

CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...

7.4CVSS5.8AI score0.0022EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.15 views

CVE-2026-7829

UltraVNC repeater (= destination size, the NUL byte is written past the end of the stack array, corrupting adjacent data and potentially enabling code execution on the repeater host. An attacker with admin credentials (including via CVE-2026-7839 default password) can trigger this. The provided d...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.12 views

CVE-2026-7828

UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...

5.3CVSS6.2AI score0.01057EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-44040

UltraVNC

6.5CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.14 views

CVE-2026-44041

UltraVNC

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:33 a.m.12 views

CVE-2026-44042

UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict > check to ensure output fits the buffer, but the correct condition is >=. When strlen(authdata) ...

3.7CVSS6AI score0.00388EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 3:14 a.m.16 views

CVE-2026-20463

Technical details for CVE-2026-20463 are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.

6.7CVSS5.8AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.19 views

CVE-2026-20462

Technical details about CVE-2026-20462 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins to obtain affected components, impact, and remediation specifics.

6.7CVSS6.1AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.21 views

CVE-2026-20461

CVE-2026-20461 : In the Modem component, an out-of-bounds write can occur due to a missing bounds check. This may allow a remote denial of service when a UE connects to a rogue base station controlled by an attacker; exploitation does not require user interaction or additional privileges. Public ...

5.3CVSS6AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.17 views

CVE-2026-20460

CVE-2026-20460 affects the Modem via information disclosure caused by improper input validation. The issue could enable remote information disclosure if a UE connects to a rogue base station controlled by an attacker, with no extra execution privileges and without user interaction. The available ...

5.3CVSS6AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.19 views

CVE-2026-20459

In Modem, a vulnerability due to improper input validation can cause a system crash leading to remote denial of service when a UE connects to a rogue base station. No user interaction is required; exploitation is over the network with no privileges. A patch is available: MOLY01816800 (Issue MSV-6...

5.3CVSS6AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder