Lucene search
K

1459 matches found

Patchstack
Patchstack
added 2026/06/16 8:32 a.m.10 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 8:27 a.m.7 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.1CVSS5.2AI score0.00501EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 8:44 p.m.26 views

CVE-2026-45012

Summary (CVE-2026-45012) ApostropheCMS (Node.js) versions up to and including 4.29.0 expose an authenticated SSRF in the rich-text widget import flow. An authenticated user who can submit or edit rich-text content can trigger the server to fetch attacker-controlled URLs during widget validation, ...

7.6CVSS5.2AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 8:46 p.m.7 views

CVE-2026-6250 Authenticated Format String Injection on TP-Link Tapo C110

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return...

7CVSS5.5AI score0.00463EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 8:46 p.m.25 views

CVE-2026-6250

The CVE-2026-6250 entry documents an authenticated format-string vulnerability in the ONVIF service of the TP-Link Tapo C110 v2. The issue arises from improper handling of user-controlled input, where externally controlled data is interpreted as a format string. This allows an authenticated remot...

8.1CVSS5.7AI score0.00463EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/09 6:49 p.m.15 views

WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions = 1.1.8...

6.4CVSS5.4AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 6:47 p.m.11 views

WordPress Easy Image Collage plugin <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by gnsehfvlr in WordPress Plugin Easy Image Collage versions = 1.13.6...

6.4CVSS5.4AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 12:42 p.m.14 views

WordPress Slider Revolution plugin 7.0-7.0.10 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Luc Huynh from Noventiq RedTeam - Noventiq Vietnam in WordPress Plugin Slider Revolution versions 7.0-7.0.10...

6.5CVSS5.2AI score0.00252EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 9:59 a.m.13 views

WordPress Booking Package plugin <= 1.7.16 - Authenticated (Editor+) Privilege Escalation vulnerability

Authenticated Editor+ Privilege Escalation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Package versions = 1.7.16...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 8:11 p.m.12 views

WordPress Blocksy theme <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.41...

8.8CVSS5.5AI score0.00849EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 7:49 p.m.11 views

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:7 p.m.8 views

WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 1:0 p.m.10 views

WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions = 2.3.23...

6.4CVSS5.4AI score0.00155EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-6241

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 12:16 a.m.14 views

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS0.00174EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 11:52 p.m.32 views

CVE-2026-6242

The CVE-2026-6242 entry describes an authenticated format-string vulnerability in the ONVIF Subscribe service of TP-Link Tapo C520WS v2. The root cause is improper handling of externally supplied parameters within formatting functions, enabling an attacker with valid credentials to inject crafted...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:52 p.m.9 views

CVE-2026-6241 Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 11:52 p.m.37 views

CVE-2026-6241

An authenticated format-string vulnerability affects TP-Link Tapo C520WS v2 (ONVIF AddScopes). User-controlled input is passed to formatting functions without proper sanitization, enabling injection of format specifiers that can manipulate memory handling. Exploitation may cause the ONVIF managem...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 11:51 p.m.47 views

CVE-2026-6240 Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS0.0018EPSS
Exploits0References3
Rows per page
Query Builder