Lucene search
K

560 matches found

NVD
NVD
added yesterday5 views

CVE-2026-9731

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday8 views

CVE-2026-9731 Wp Js Detect <= 1.0.9 - Cross-Site Request Forgery to Plugin Settings Update

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday11 views

WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection

The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

7.5CVSS7.1AI score0.02221EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37643

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2024-55628

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...

9.9CVSS8.4AI score0.00471EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54807

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS0.0045EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39529

Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...

9.8CVSS0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.31 views

CVE-2024-52488

CVE-2024-52488 affects WordPress Grip theme (versions ≤ 1.0.9). The issue is an Arbitrary Plugin Activation/Deactivation vulnerability leading to RCE, requiring Subscriber privileges. Patch status is not clearly available in the provided docs; Patchstack indicates high risk with a potential explo...

9.9CVSS8.4AI score0.00471EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.25 views

CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...

9.9CVSS0.00471EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2026-39529 WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...

9.8CVSS0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.18 views

CVE-2026-39529

The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme

9.8CVSS5.3AI score0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36796

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42761

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS5.6AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2024-55607

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 9:22 p.m.8 views

CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/01 10:36 a.m.8 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.9...

9.3CVSS5.9AI score0.00229EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/28 1:15 p.m.42 views

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

4.8CVSS0.00126EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:15 p.m.7 views

CVE-2026-42250

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

5.1CVSS5.8AI score0.00126EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 1:15 p.m.8 views

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

4.8CVSS5.8AI score0.00126EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 1:15 p.m.11 views

EUVD-2026-32898

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

5.1CVSS5.8AI score0.00126EPSS
Exploits0References4
Rows per page
Query Builder