Lucene search
K

1232 matches found

NVD
NVD
added 12 hours ago6 views

CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-36600

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-57638

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-39754

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-54844

The CVE-2026-54844 entry concerns WordPress CheckView Automated Testing plugin (versions

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-52421

Name of the Vulnerable Software and Affected Versions CheckView Automated Testing versions prior to 2.1.1 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update CheckView Automated Testing to version...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:50 p.m.9 views

CVE-2026-5818

The CVE-2026-5818 entry concerns the Caliptra Core Runtime Firmware and describes an incorrect return-value check in ActivateFirmwareCmd::activate_fw modules, which allows bypassing the Core’s verification of MCU firmware during a hitless update. Affected versions are Core Runtime Firmware 2.0.0 ...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 11:49 p.m.31 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

8.7CVSS5.8AI score0.00663EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36934

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS5.2AI score0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-39470

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS0.00382EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-53520

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0...

6.5CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-53521

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

6.4CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:4 p.m.17 views

CVE-2026-53521

CVE-2026-53521 affects Nezha Monitoring. From versions 2.0.14 up to before 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatc...

6.4CVSS5.3AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:4 p.m.27 views

CVE-2026-53521 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

6.4CVSS0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.29 views

CVE-2026-53520 Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0...

6.5CVSS0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.40 views

CVE-2026-53520

Nezha Monitoring before 2.1.0 (vulnerable 2.0.14–pre-2.1.0) allows authenticated users to claim the dashboard Host via NAT and preempt all dashboard routing. CVSS 3.1 base score 6.5 (I: None, A: High). Patch: upgrade to 2.1.0. If upgrading is not feasible, apply the vendor advisory guidance from ...

6.5CVSS5.3AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.9 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References5
Rows per page
Query Builder