Lucene search
+L

12591 matches found

nvd
nvd
added 5 hours ago5 views

CVE-2026-15727

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS
Exploits0References10
nvd
nvd
added 5 hours ago4 views

CVE-2026-15106

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS
Exploits0References8
cvelist
cvelist
added 6 hours ago9 views

CVE-2026-15727 WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'deleteuserroles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS
Exploits0References10
cve
cve
added 6 hours ago8 views

CVE-2026-15727

The CVE-2026-15727 entry concerns the WP Bulk Delete WordPress plugin. Affected: WP Bulk Delete (plugins bundle) up to version 1.4.2. Vulnerability: generic SQL Injection via the delete_user_roles parameter, caused by insufficient escaping of user-supplied input and inadequate preparation in the ...

4.9CVSS6.1AI score
Exploits0References10
cvelist
cvelist
added 6 hours ago8 views

CVE-2026-15106 WPBot <= 8.5.6 - Missing Authorization to Unauthenticated Arbitrary Chat Session Deletion via 'userid' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS
Exploits0References8
euvd
euvd
added 6 hours ago5 views

EUVD-2026-44892

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6.2AI score
Exploits0References8
euvd
euvd
added 6 hours ago5 views

EUVD-2026-44891

The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.2AI score
Exploits0References10
cve
cve
added 6 hours ago8 views

CVE-2026-15407

The CVE-2026-15407 entry describes an authorization bypass in Themify Builder for WordPress up to version 7.7.7. The underlying issue is insufficient verification of a user’s authorization for actions performed via the tb_generate_on_fly AJAX action, enabling authenticated users with subscriber-l...

4.3CVSS6.2AI score
Exploits0References10
attackerkb
attackerkb
added 8 hours ago3 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday8 views

CVE-2026-45533

DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...

8.3CVSS6.2AI score0.00024EPSS
Exploits0References3
euvd
euvd
added yesterday5 views

EUVD-2026-44716

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS6.2AI score
Exploits0References1
cvelist
cvelist
added yesterday21 views

CVE-2026-20146 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS
Exploits0References1
cve
cve
added yesterday18 views

CVE-2026-49997

CVE-2026-49997 affects SurrealDB prior to version 3.1.0, where Document::purge_edges could bypass edge table permissions for delete and select when a connected node was deleted. The issue occurs as edge records connected to a deleted node were removed with permissions disabled, bypassing edge-tab...

5.4CVSS6.1AI score0.00023EPSS
Exploits0References3
nvd
nvd
added yesterday6 views

CVE-2026-61740

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...

9.3CVSS
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44644

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References3
nuclei
nuclei
added yesterday107 views

OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete

OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory. id: CVE-2024-35219 info: name: OpenAPI Generator = 7.5.0 - Arbitrary File...

8.3CVSS7AI score0.03592EPSS
Exploits0References5
nuclei
nuclei
added yesterday67 views

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...

9.4CVSS7.2AI score0.36459EPSS
Exploits3References5
nvd
nvd
added 2 days ago4 views

CVE-2026-45073

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

7.3CVSS0.00536EPSS
Exploits0References6
euvd
euvd
added 2 days ago12 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
osv
osv
added 2 days ago3 views

CVE-2026-45073 Symfony: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

6.3CVSS6.1AI score0.00536EPSS
Exploits0References8
Rows per page
Query Builder