Lucene search
K

9954 matches found

Nuclei
Nuclei
added 2 hours ago42 views

Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...

8.7CVSS6AI score0.01279EPSS
Exploits0References4
Nuclei
Nuclei
added 2 hours ago14 views

AstrBot <= 4.22.1 - Command Injection

AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any...

6.5CVSS6.9AI score0.02304EPSS
Exploits0References2
Nuclei
Nuclei
added 2 hours ago14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.8AI score0.18536EPSS
Exploits2References4
Nuclei
Nuclei
added 2 hours ago11 views

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 2 hours ago11 views

Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

8.8CVSS7.4AI score0.03135EPSS
Exploits0References3
Nuclei
Nuclei
added 2 hours ago20 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS6.1AI score0.00598EPSS
Exploits0References3
Nuclei
Nuclei
added 2 hours ago16 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added 2 hours ago74 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

7.5CVSS7AI score0.04788EPSS
Exploits2References3
Nuclei
Nuclei
added 2 hours ago52 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS7.1AI score0.66934EPSS
Exploits1References5
Nuclei
Nuclei
added 2 hours ago116 views

reNgine 2.2.0 - Command Injection

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput. id: CVE-2023-50094 info: name: reNgine 2.2.0 - Command Injection...

8.8CVSS7.2AI score0.1354EPSS
Exploits2References3
Nuclei
Nuclei
added 2 hours ago61 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS6AI score0.01833EPSS
Exploits1References2
Nuclei
Nuclei
added 2 hours ago13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.1AI score0.03464EPSS
Exploits1References4
Nuclei
Nuclei
added 2 hours ago19 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS6AI score0.17393EPSS
Exploits1References3
CVE
CVE
added yesterday9 views

CVE-2026-13492

The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...

8.8CVSS6AI score
Exploits0References8
EUVD
EUVD
added yesterday4 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score
Exploits0References8
Cvelist
Cvelist
added yesterday8 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS
Exploits0References8
CVE
CVE
added yesterday7 views

CVE-2026-12428

The CVE concerns the WordPress plugin Blocks for ACF Fields (versions up to 1.6.2). A missing capability check on the REST endpoint /wp-json/acf-field-blocks/v1/values (get_all_values) allows unauthorized access to ACF field data. The permission_callback only verifies publish_posts, and the handl...

6.5CVSS6.1AI score
Exploits0References8
Cvelist
Cvelist
added yesterday12 views

CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS
Exploits0References13
Cvelist
Cvelist
added yesterday11 views

CVE-2026-9240 Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX action

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-12433

The CVE describes a vulnerability in the Hydra Booking WordPress plugin (versions up to 1.2.1) where an Insecure Direct Object Reference in the /wp-json/hydra-booking/v1/booking/details/{id} endpoint allows authenticated hosts with the tfhb_manage_options capability to view booking records from o...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
Rows per page
Query Builder