Lucene search
K

106 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-58493

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS0.00288EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-58492

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...

6.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.22 views

CVE-2026-57669

The affected software is the WordPress plugin Advanced Contact form 7 DB (versions

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.38 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51128

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.5.2 Description Insufficient file path validation in the view page function allows unauthenticated attackers to delete arbitrary files on the server...

8.1CVSS6.3AI score0.00662EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/11 8:33 p.m.15 views

EUVD-2026-34901

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/09 7:49 a.m.14 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/05 8:17 p.m.13 views

CVE-2026-11401

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 7:7 p.m.31 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.17 views

PT-2026-47035

Name of the Vulnerable Software and Affected Versions AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL versions prior to 2026-05-26 Description An untrusted search path issue exists in the GlobalDatabasePlugin. This allows a remote authenticated low-privilege actor to escalate privileges to...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Amazon Web Services JDBC Driver 安全漏洞

The Amazon Web Services JDBC Driver is an open-source Go language wrapper developed by Amazon Web Services. There is a security vulnerability in the Amazon Web Services JDBC Driver, which stems from an unreliable search path issue in the GlobalDatabasePlugin. This vulnerability allows remote,...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8845

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.10 views

EUVD-2026-32081

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin Islamic Database 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/09 9:44 p.m.7 views

WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability

Missing Authorization to Authenticated Subscriber+ Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20587

Name of the Vulnerable Software and Affected Versions Tablesome Table – Contact Form DB plugin for WordPress versions 0.5.4 through 1.2.1 Description The Tablesome Table – Contact Form DB plugin for WordPress has a flaw where a missing capability check in the get table data function allows...

8.8CVSS5.2AI score0.00356EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.13 views

CVE-2023-31235

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.9 versions...

8.8CVSS8.5AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder