Lucene search
K

817 matches found

HackRead
HackRead
added 2026/05/17 10:17 a.m.13 views

Grafana Says It Rejected Ransom Demand After Source Code Theft

Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected...

5.9AI score
Exploits0
NVD
NVD
added 2026/05/13 9:16 p.m.30 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.5 views

CVE-2026-7457

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...

6.4CVSS6AI score0.00339EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37353

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters first name, last name, phone, notes bypass...

6.4CVSS6AI score0.00339EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.13 views

PT-2026-36876

Name of the Vulnerable Software and Affected Versions Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier Description An information disclosure issue exists in the QR code scanning endpoint. Unauthenticated attackers can enumerate and retrieve all customer order records by...

8.2CVSS5.9AI score0.00349EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/02 1:26 p.m.10 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/04/27 2:19 p.m.8 views

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/23 9:32 a.m.4 views

EUVD-2026-25196

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

5.3CVSS5.8AI score0.00742EPSS
Exploits1References2
NVD
NVD
added 2026/04/23 7:16 a.m.6 views

CVE-2026-4106

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

5.3CVSS0.00742EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 6:0 a.m.55 views

CVE-2026-4106

The HT Mega Addons for Elementor WordPress plugin is affected by CVE-2026-4106, with versions before 3.0.7 exposing an unauthenticated AJAX action that returns PII (e.g., full name, city, state, country) for customers who placed orders in the last 7 days. Impact is information disclosure of custo...

5.3CVSS5.8AI score0.00742EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 6:0 a.m.30 views

CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

0.00742EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 6:0 a.m.3 views

CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

5.8AI score0.00742EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:48 p.m.6 views

EUVD-2026-24173

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 4:48 p.m.33 views

CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS0.00249EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:48 p.m.4 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/18 12:16 a.m.9 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS0.0239EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.12 views

WordPress plugin Easy Appointments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 11:26 p.m.27 views

CVE-2026-2262

The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:26 p.m.3 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References7
Rows per page
Query Builder