Lucene search
K

5721 matches found

Nuclei
Nuclei
added yesterday20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday58 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

6.5CVSS6.8AI score0.02181EPSS
Exploits1References4
CVE
CVE
added yesterday8 views

CVE-2026-11390

Vulnerability summary (CVE-2026-11390): News Kit Addons For Elementor (WordPress) versions up to 1.4.6 are affected by a stored cross-site scripting (XSS) flaw in the Site Logo Title and Single Author Box widgets. The root cause is insufficient input sanitization and output escaping. Exploitation...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
EUVD
EUVD
added yesterday5 views

EUVD-2026-43611

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
Cvelist
Cvelist
added yesterday12 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
NVD
NVD
added 2 days ago3 views

CVE-2026-57420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through = 2.1.5...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57420 WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through = 2.1.5...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57420

CVE-2026-57420 concerns a Stored XSS in the WordPress plugin Author Box WP Lens (component: author-box-for-divi). The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected range is WordPress users running versions

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
Circl
Circl
added 3 days ago13 views

CVE-2026-15497

creationtimestamp| type| source ---|---|--- 2026-07-12 12:34:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6tualzg2y 2026-07-13 11:39:39+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mqjm7tmvg52c 2026-07-14 00:38:18+00:00| seen|...

7.5CVSS7AI score0.00394EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-2354

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43120

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS6.2AI score0.00259EPSS
Exploits0References10
Metasploit
Metasploit
added 5 days ago20 views

FTP Fetch

Fetch and execute an x86 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x86/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options... msf payloadloadlibrary run This...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago16 views

FTP Fetch, Windows MessageBox x64

Fetch and execute an x64 payload from an FTP server. Spawn a dialog via MessageBox using a customizable title, text & icon Module Options msf use payload/cmd/windows/ftp/x64/messagebox msf payloadmessagebox show actions ...actions... msf payloadmessagebox set ACTION msf payloadmessagebox show...

6.2AI score
Exploits0
NVD
NVD
added 5 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in cookie-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c2bd7c1b5b363e72753401f6edebf816965a625227e6523210e4620ce9bb8a cookie-parser-js impersonates the widely used cookie-parser package: it copies TJ Holowaychuk / Doug Wilson author metadata, the description, the...

6.6AI score
Exploits0References7
NVD
NVD
added 6 days ago8 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
Veracode
Veracode
added 6 days ago7 views

Improper Authorization

github.com/coder/coder is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation in the UpsertWorkspaceApp and insertAgentApp functions, which fail to verify that a supplied application ID belongs to the workspace being built before performing a cross-workspace...

8.7CVSS6AI score0.00508EPSS
Exploits0References9Affected Software2
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-12428 Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' Parameter

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
Rows per page
Query Builder