Lucene search
K

10126 matches found

CVE
CVE
added yesterday4 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-62659

CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...

6.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-11944

CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...

6.5CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2025-43892

Fortinet FortiOS is affected by CVE-2025-43892: a buffer over-read in FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 all versions. An authenticated remote attacker could cause the device to return a portion of memory in the redirect response by submitting a specially crafted request. The CVSSv3.1 vect...

4.3CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday29 views

phpMyAdmin < 5.0.3 - SQL Injection

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 contains a SQL injection caused by improper processing of SQL statements in the search feature, letting attackers inject malicious SQL, exploit requires crafted search input. id: CVE-2020-26935 info: name: phpMyAdmin 5.0.3 - SQL Injection author: 0xAko...

9.8CVSS7AI score0.67081EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday76 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

7.5CVSS7AI score0.04788EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday42 views

Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...

8.7CVSS6.1AI score0.01279EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday64 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS6.1AI score0.01833EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday12 views

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

8.8CVSS7.1AI score0.03135EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday119 views

reNgine 2.2.0 - Command Injection

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput. id: CVE-2023-50094 info: name: reNgine 2.2.0 - Command Injection...

8.8CVSS7AI score0.1354EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday16 views

AstrBot <= 4.22.1 - Command Injection

AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any...

6.5CVSS6.9AI score0.02304EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.2AI score0.03464EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday17 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday22 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS6.2AI score0.00598EPSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-43624

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS6.1AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-57856 Cockpit CMS Path Traversal via Bucket Name in Bucket File Storage API

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS0.00389EPSS
Exploits0References5
CVE
CVE
added 2 days ago7 views

CVE-2026-58409

ChurchCRM prior to 7.4.0 is vulnerable to authenticated RCE via uploading a malicious plugin ZIP containing a PHP webshell. The vulnerability stems from ALLOWED_EXTENSIONS including 'php' while DENIED_EXTENSIONS fails to block .php files, and extracted ZIP contents are placed under the web root, ...

9.1CVSS6.2AI score0.00456EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-12536

CVE-2026-12536 : A Stored Cross-Site Scripting flaw in the Avada (Fusion) Builder plugin for WordPress affects all versions up to 3.15.5. It arises from insufficient input sanitization and output escaping in the Module Title parameter. An authenticated attacker with Contributor-level access or hi...

6.4CVSS6.2AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder