Lucene search
+L

3929 matches found

nuclei
nuclei
added 6 hours ago24 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...

5.3CVSS6.5AI score0.18832EPSS
Exploits3References4
nuclei
nuclei
added 6 hours ago39 views

Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion

A directory traversal vulnerability in the ZiMB Comment comzimbcomment component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1602 info: name: Joomla! Component...

7.5CVSS6.2AI score0.15695EPSS
Exploits1References5
nuclei
nuclei
added 6 hours ago108 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7AI score0.21EPSS
Exploits2References5
nvd
nvd
added 11 hours ago5 views

CVE-2026-13042

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS
Exploits0References8
euvd
euvd
added 12 hours ago4 views

EUVD-2026-44865

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS6.2AI score
Exploits0References8
nessus
nessus
added 2 days ago2 views

openSUSE 16 Security Update : perl-DBI (openSUSE-SU-2026:21293-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21293-1 advisory. This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References6
euvd
euvd
added 3 days ago8 views

EUVD-2026-43288

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

4.3CVSS6.2AI score0.0017EPSS
Exploits0References2
nvd
nvd
added 3 days ago4 views

CVE-2026-12273

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

4.3CVSS0.0017EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago33 views

CVE-2026-12273 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Auto-Approved Comment Creation

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

0.0017EPSS
Exploits0References1
cve
cve
added 3 days ago10 views

CVE-2026-12273

The CVE-2026-12273 entry concerns Tutor LMS for WordPress (MITRE CVE-2026-12273). Affected component: Tutor LMS WordPress plugin prior to version 3.9.13. Description details a lack of authorization checks and post-target validation in a comment-creation handler, resulting in pre-approved comments...

4.3CVSS6.2AI score0.0017EPSS
Exploits0References1
nvd
nvd
added 5 days ago5 views

CVE-2026-13114

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
cve
cve
added 5 days ago13 views

CVE-2026-13114

CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
cvelist
cvelist
added 5 days ago34 views

CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
ptsecurity
ptsecurity
added 5 days ago10 views

PT-2026-57376

Name of the Vulnerable Software and Affected Versions Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.113 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. This occurs when arbitra...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References12
osv
osv
added 6 days ago2 views

OPENSUSE-SU-2026:21293-1 Security update for perl-DBI

This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead to arbitrary Perl code execution bsc1271018. - CVE-2026-14740: one-byte out-of-bounds read when deleting an initial SQL comment line can lead to a proce...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References4
euvd
euvd
added 2026/07/09 6:0 a.m.6 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
susecve
susecve
added 2026/07/09 3:9 a.m.9 views

SUSE CVE-2026-14740

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

6.5CVSS6.1AI score0.00407EPSS
Exploits0References4
fedora
fedora
added 2026/07/09 12:57 a.m.8 views

[SECURITY] Fedora 44 Update: perl-CSS-Minifier-XS-0.15-1.fc44

'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also not breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl...

6.5CVSS5.9AI score0.00238EPSS
Exploits0
cvelist
cvelist
added 2026/07/08 3:8 p.m.35 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS0.00171EPSS
Exploits0References1
cve
cve
added 2026/07/08 3:8 p.m.8 views

CVE-2026-54344

CVE-2026-54344 affects ToolJet prior to version 3.20.180. The render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, enabling any GitHub user who can comment on an open PR with a deploy command to execute shell commands on the CI ...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder