Lucene search
+L

675 matches found

EUVD
EUVD
added 6 days ago9 views

EUVD-2026-43154

The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-1382 fresh Podcaster <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'freshpodcaster' Shortcode Attributes

The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57301

CVE-2026-57301 affects Jenkins OWASP ZAP Plugin,

8.8CVSS6.3AI score0.0042EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-7617

The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...

5.3CVSS0.00295EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38667

The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.6 views

WordPress Secufor_OAuth plugin <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout vulnerability

Missing Authorization to Unauthenticated Account Logout vulnerability discovered by SHIVAM KUMAR in WordPress Plugin SecuforOAuth versions = 1.0.7...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/19 5:35 p.m.15 views

CVE-2019-25758

CVE-2019-25758 affects Joomla! component vBizz 1.0.7. The vulnerability is an unrestricted file upload in the profile_pic parameter, enabling authenticated attackers to upload arbitrary PHP files. By submitting malicious files via POST to the employee view endpoint, attackers can place PHP code i...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210228

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS5.2AI score0.00432EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.13 views

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS0.00432EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.43 views

CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS0.00432EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.14 views

CVE-2025-69131

Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2025-69131 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

7.5CVSS0.00467EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-50082

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:24 p.m.4 views

OPENSUSE-SU-2026:20963-1 Security update for neonmodem

This update for neonmodem fixes the following issues: Changes in neonmodem: - Update golang.org/x/net dependency to v0.55.0 due to bsc1267193 - Update golang.org/x/image dependency to v0.38.0 due to bsc1260727 - Update golang.org/x/term dependency to v0.42.0 due to bsc1260727 - Update to version...

6.5CVSS6.2AI score0.00328EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/12 11:32 a.m.10 views

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

7.5CVSS5.3AI score0.00467EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41705

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

8.6CVSS5.4AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 5:16 a.m.22 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00264EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.11 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 3:39 a.m.27 views

CVE-2026-6864

The CVE-2026-6864 concern affects the CBX 5 Star Rating & Review plugin for WordPress. It is a Reflected Cross-Site Scripting flaw via the 'page' parameter in all versions up to 1.0.7, caused by insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject ...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42726

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References6
Rows per page
Query Builder