Lucene search
+L

1468 matches found

NVD
NVD
added 2026/05/15 7:17 p.m.19 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41373

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

5.8AI score0.00343EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 12:0 a.m.10 views

CVE-2025-67031

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

5.8AI score0.00343EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/14 6:26 p.m.16 views

NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...

5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:33 a.m.16 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation vulnerability

Authenticated Subscriber+ Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

8.8CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:10 a.m.14 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Motors versions = 1.4.107...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 12:0 a.m.20 views

WordPress The7 — Website and eCommerce Builder for WordPress theme <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Theme The7 versions = 14.3.2...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 7:53 p.m.12 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Royal Elementor Addons versions = 1.7.1058...

6.4CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 2:42 p.m.12 views

WordPress Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More plugin <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Envira Photo Gallery versions = 1.12.4...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 2:22 p.m.13 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.7 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Nguyen Truong Roll in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.7...

6.5CVSS5.9AI score0.00492EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Joomsky Joomla J2 JOBS SQL注入漏洞

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Inc. Version 1.3.0 of Joomsky Joomla J2 JOBS contains a SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers to injec...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/13 12:0 a.m.14 views

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by daroo in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.11...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40803

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sort activity, sort admin, and sort customer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker t...

7.2CVSS6.2AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 7:9 p.m.6 views

CVE-2026-44863 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:4 p.m.17 views

CVE-2026-44859

CVE-2026-44859 describes stack-based buffer overflow vulnerabilities in management service components of AOS-8 and AOS-10 exposed via CLI. An authenticated administrator can exploit by sending specially crafted requests to affected services, potentially executing arbitrary code with elevated priv...

7.2CVSS6.4AI score0.0036EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/12 3:29 p.m.13 views

WordPress Broadstreet plugin <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure vulnerability

Authenticated Subscriber+ Information Disclosure vulnerability discovered by greenhats - Student in WordPress Plugin Broadstreet Ads versions = 1.53.1...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/12 7:48 a.m.18 views

CVE-2026-4920

The CVE describes a stored cross-site scripting vulnerability in the WordPress plugin Next Date (versions

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/12 12:0 a.m.20 views

WordPress WPC Badge Management for WooCommerce plugin <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WPC Badge Management for WooCommerce versions = 3.1.6...

5.5CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/11 7:10 p.m.10 views

WordPress WP SEO Structured Data Schema plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP SEO Structured Data Schema versions = 2.8.1...

4.9CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/11 7:4 p.m.9 views

WordPress Shortcodely plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Shortcodely versions = 1.0.1...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder