Lucene search
K

832 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57624

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-41278

Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...

10CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57624

CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions

10CVSS5.9AI score
In wildExploits0References1
Nuclei
Nuclei
added yesterday24 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.6AI score0.01019EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday22 views

Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed. id: CVE-2024-11972 info: name: Hunk Companion 1.9.0 - Unauthenticated Plugi...

9.8CVSS7.7AI score0.54754EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday25 views

Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

9.8CVSS8.2AI score0.09137EPSS
Exploits2References5
Patchstack
Patchstack
added yesterday8 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55844 Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...

7.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-57630

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added last week5 views

CVE-2026-57315

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added last week6 views

CVE-2026-54832

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-39746

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added last week39 views

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2026-57630

CVE-2026-57630 describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Blocksy Companion Pro (versions

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-39728

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added last week30 views

CVE-2026-57315 WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added last week13 views

CVE-2026-57315

CVE-2026-57315 affects the WordPress Blocksy Companion Pro plugin up to version 2.1.45. The connected sources confirm a Remote Code Execution (RCE) vulnerability in this product/version, but do not provide details on root cause, affected files, exploitation steps, or available mitigations. The CV...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added last week3 views

EUVD-2026-39676

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added last week30 views

CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Rows per page
Query Builder