Lucene search
+L

158633 matches found

euvd
euvd
added yesterday3 views

EUVD-2026-45005

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc to save a copy of the sent message could deliver vacation auto-reply copies into any mailbox the script could name,...

5.4CVSS6.1AI score
Exploits0References3
nuclei
nuclei
added yesterday57 views

WordPress Car Seller - Auto Classifieds Script - SQL Injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS7AI score0.14697EPSS
Exploits2References5
nuclei
nuclei
added yesterday64 views

G Auto-Hyperlink <= 1.0.1 - SQL Injection

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection id: CVE-2021-24627 info: name: G Auto-Hyperlink = 1.0.1 - SQL...

7.2CVSS7AI score0.06561EPSS
Exploits2References4
nuclei
nuclei
added yesterday10 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

7.2CVSS6.2AI score0.00829EPSS
Exploits0References3
nuclei
nuclei
added yesterday79 views

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

5.3CVSS6.2AI score0.13372EPSS
Exploits2References5
euvd
euvd
added yesterday5 views

EUVD-2026-44876

The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...

8.1CVSS6.1AI score0.00136EPSS
Exploits0References1
nvd
nvd
added yesterday6 views

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00254EPSS
Exploits0References5
cve
cve
added yesterday7 views

CVE-2026-12941

The MultiVendorX plugin for WordPress (WooCommerce Multivendor) ≤ 5.0.9 is vulnerable to a generic SQL Injection via the order_by parameter. Root cause: insufficient escaping of user input and lack of proper query preparation. Attack requires an authenticated user with subscriber-level access; vi...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References5
euvd
euvd
added yesterday4 views

EUVD-2026-44860

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References5
cve
cve
added 2 days ago10 views

CVE-2026-53516

Summary: CVE-2026-53516 affects Better Auth (

8.3CVSS6.1AI score0.00236EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago32 views

CVE-2026-53516 Better Auth: Account takeover via OAuth auto-link to unverified pre-registered email

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS0.00236EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago35 views

CVE-2026-12281 Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

0.00231EPSS
Exploits0References1
nvd
nvd
added 3 days ago9 views

CVE-2026-15752

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS0.00297EPSS
Exploits0References7
nvd
nvd
added 3 days ago7 views

CVE-2026-15753

A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack ma...

5.5CVSS0.00261EPSS
Exploits0References7
cvelist
cvelist
added 3 days ago40 views

CVE-2026-15753 zhinianboke xianyu-auto-reply review approve trusting http permission methods on the server side

A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack ma...

5.5CVSS0.00261EPSS
Exploits0References7
cvelist
cvelist
added 3 days ago37 views

CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS0.00297EPSS
Exploits0References7
nvd
nvd
added 3 days ago3 views

CVE-2026-49800

Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol WPAD allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00245EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago23 views

CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

...

7.8CVSS0.00245EPSS
Exploits0References1
vulnrichment
vulnrichment
added 3 days ago2 views

CVE-2026-49800 Windows Web Proxy Auto-Discovery Protocol (WPAD) Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-58455

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A heap-based buffer overflow exists in the Windows Web Proxy Auto-Discovery Protocol WPAD. This flaw allows an authorized attacker with local access to elevate their privileges on the system....

7.8CVSS6.2AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder