Lucene search
K

515 matches found

Nuclei
Nuclei
added yesterday15 views

Login Configurator <=2.1 - Cross-Site Scripting

Login Configurator WordPress plugin = 2.1 contains a reflected cross-site scripting caused by improper escaping of URL parameter before outputting it to the page, letting attackers execute scripts in the context of site administrators, exploit requires victim to visit a malicious URL. id:...

6.1CVSS6.7AI score0.00712EPSS
Exploits3References3
Nuclei
Nuclei
added 3 days ago21 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7AI score0.97788EPSS
Exploits6References5
NVD
NVD
added 2026/07/01 7:16 a.m.9 views

CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...

7.5CVSS0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.16 views

CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin prior to 1.7.3 exposes protected product data via a public AJAX action without any authorization or post-status checks. Unauthenticated users can retrieve data for private and draft (non-public) products by supplying the product ID, bypass...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.40 views

CVE-2026-11568 Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...

0.00284EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:39 p.m.7 views

CLEANSTART-2026-FP26400 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.4.4-r0, 2.4.4-r1, 2.9.0-r0

Multiple security vulnerabilities affect the newrelic-prometheus-configurator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.4AI score0.00813EPSS
Exploits1References37
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS7.3AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:47 p.m.16 views

CLEANSTART-2026-SP88135 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.4.4-r0, 2.4.4-r1

Multiple security vulnerabilities affect the newrelic-prometheus-configurator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS5.8AI score0.00765EPSS
Exploits1References13
EUVD
EUVD
added 2026/04/21 9:31 p.m.5 views

EUVD-2026-24349

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.3 views

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.7 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

5.3CVSS7.2AI score0.0028EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.9 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22007 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22007 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

2.9CVSS7.2AI score0.00124EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.8 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22018 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22018 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

3.7CVSS7.2AI score0.00269EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/21 8:0 p.m.8 views

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-34268 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-34268 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

2.9CVSS7.2AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-34098

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Oracle Configurator 安全漏洞

Oracle Configurator is a product service provided by Oracle Corporation in the United States. It enables proactive collection of customer needs and management for Oracle products. This service is part of systems such as the Oracle Ordering System and the Oracle Customer Management System. Version...

6.1CVSS7.2AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:33 a.m.5 views

CLEANSTART-2026-BC17682 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.4.4-r0, 2.4.4-r1

Multiple security vulnerabilities affect the newrelic-prometheus-configurator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.1AI score0.00765EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.4 views

CVE-2026-32501

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through = 3.7.9...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.6 views

CVE-2026-29104

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

2.7CVSS5.7AI score0.0023EPSS
Exploits0References1
Rows per page
Query Builder