368557 matches found

CVE, added 2 days ago, 20 views

CVE-2026-11586

The CVE-2026-11586 issue affects curl’s WebSocket handling: curl auto-responds to PING frames and has no upper bound on memory allocation for unacknowledged frames, enabling memory exhaustion via rapid PING floods. Affected are curl versions prior to 8.21.0 (e.g., 8.16.0). Remediation: upgrade to...

AI score: 6, EPSS: 0.00206
Exploits: 0, References: 3

CVE, added 2 days ago, 14 views

CVE-2026-11564

CVE-2026-11564 affects libcurl where a handle using default native CA trust may later switch to custom CA material and continue trusting the platform store, due to keeping previously used connections in a pool for reuse. Public docs describe the issue for versions affected by libcurl 8.17.0 prior...

AI score: 6, EPSS: 0.00196
Exploits: 0, References: 3

CVE, added 2 days ago, 14 views

CVE-2026-11352

CVE-2026-11352 affects curl/libcurl. A bug in QUIC UDP receive handling discards zero-length UDP datagrams toward the per-call budget, allowing a connected HTTP/3 server to continuously stream empty datagrams and cause a remote denial of service on the client. The provided documents do not specif...

AI score: 6.7, EPSS: 0.0028
Exploits: 0, References: 3

CVE, added 2 days ago, 14 views

CVE-2026-10536

libcurl (HTTP/2) contains a use-after-free vulnerability. If an application builds an HTTP/2 stream-dependency tree using CURLOPT_STREAM_DEPENDS/…_E, then calls curl_easy_reset() and later curl_easy_cleanup(), libcurl may access/modify an internal structure that was freed during reset. This is a ...

AI score: 6, EPSS: 0.00206
Exploits: 0, References: 3

CVE, added 2 days ago, 10 views

CVE-2026-4967

CVE-2026-4967 describes a possible out-of-bounds read in IMS caused by a missing bounds check, which could lead to remote denial of service without extra privileges. The NVD and CVE records confirm the issue and provide a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector and no u...

CVSS: 7.5, AI score: 6, EPSS: 0.00403
Exploits: 0, References: 1

CVE, added 2 days ago, 10 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

CVSS: 6.4, AI score: 5.9, EPSS: 0.00228
Exploits: 0, References: 6

CVE, added 2 days ago, 12 views

CVE-2026-9180

MotoPress Appointment Booking for WordPress (versions up to 2.4.4) is vulnerable to an Authorization Bypass via a user-controlled booking_id. The REST endpoint POST /motopress/appointment/v1/bookings is registered with a permissive permission_callback (__return_true), and createBooking() loads the...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00342
Exploits: 0, References: 6

CVE, added 2 days ago, 13 views

CVE-2026-8892

CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00212
Exploits: 0, References: 7

CVE, added 2 days ago, 10 views

CVE-2026-11397

The CVE-2026-11397 entry concerns the WordPress plugin WP Import Export Lite (versions

CVSS: 5.5, AI score: 5.9, EPSS: 0.00235
Exploits: 0, References: 6

CVE, added 2 days ago, 12 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

CVSS: 9.1, AI score: 6.5, EPSS: 0.00742
Exploits: 0, References: 6

CVE, added 2 days ago, 12 views

CVE-2026-13040

The CVE covers the NEX-Forms – Ultimate Forms Plugin for WordPress (up to version 9.2.2). It exposes a Stored Cross-Site Scripting (XSS) flaw via the real_val__ parameter due to insufficient input sanitization and output escaping. The vulnerability is exploitable because the wp_ajax_nopriv_submit...

CVSS: 7.2, AI score: 5.9, EPSS: 0.00304
Exploits: 0, References: 14

CVE, added 2 days ago, 10 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00223
Exploits: 0, References: 2

CVE, added 2 days ago, 13 views

CVE-2026-8489

The CVE-2026-8489 case involves the WordPress plugin Ultimate Member (User Profile, Registration, Login, etc.). Affected: all versions up to 2.11.4. Vulnerability: Stored Cross-Site Scripting via the about_me field in user profiles, caused by insufficient input sanitization and output escaping. I...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00241
Exploits: 0, References: 11

CVE, added 2 days ago, 15 views

CVE-2026-14352

AR for WooCommerce

CVSS: 7.5, AI score: 5.9, EPSS: 0.00473
Exploits: 0, References: 7

CVE, added 2 days ago, 13 views

CVE-2026-6791

Technical details for CVE-2026-6791 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0

CVE, added 2 days ago, 13 views

CVE-2022-4989

CVE-2022-4989 affects the ASUS AI Suite 3 driver. The root cause is improper validation of a specified quantity in input, enabling a local user to craft IOCTL requests that access unintended memory regions and escalate privileges. The CVSS indicates high impact to confidentiality, integrity, and ...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00103
Exploits: 0, References: 1

CVE, added 2 days ago, 10 views

CVE-2022-4990

CVE-2022-4990 affects the ASUS AI Suite 3 driver. The vulnerability arises from improper validation of a specified quantity in input, enabling a local attacker to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. The docume...

CVSS: 7.3, AI score: 5.8, EPSS: 0.00096
Exploits: 0, References: 1

CVE, added 2 days ago, 12 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

CVSS: 8.5, AI score: 6.2, EPSS: 0.00124
Exploits: 0, References: 1

CVE, added 2 days ago, 10 views

CVE-2026-12960

CVE-2026-12960 affects the ASUS Router Android app. The issue is an Improper Export of Android Application Components, where a local third-party app on the same device can send a crafted Intent that causes the ASUS Router App to open a specified URL. CVSS metrics indicate local access, low comple...

CVSS: 6, AI score: 5.8, EPSS: 0.00116
Exploits: 0, References: 1

CVE, added 2 days ago, 13 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00459
Exploits: 0, References: 6