Lucene search
K

49660 matches found

CVE
CVE
added 2026/06/28 1:0 p.m.18 views

CVE-2026-13498

The CVE concerns yashpokharna2555 restaurant-management-system. It identifies a vulnerability in an unknown function within /forgotpassword.php (POST Parameter Handler) where manipulating the email parameter leads to SQL injection. The issue can be exploited remotely and publicly available exploi...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53109

Name of the Vulnerable Software and Affected Versions yashpokharna2555 restaurent-management-system affected versions not specified Description An issue exists in the POST Parameter Handler component within the /forgotpassword.php file. Remote manipulation of the email parameter allows for SQL...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References12
NVD
NVD
added 2026/06/27 5:16 a.m.9 views

CVE-2026-12415

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS0.00662EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 4:30 a.m.26 views

CVE-2026-12415

The CVE concerns the WordPress plugin Invoice Generator. Vulnerable in versions up to 1.0.0 due to a missing capability check on the pravel_invoice_edit_account() AJAX action. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account and accepts attacker-controlled user_id and user_em...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/27 4:30 a.m.9 views

EUVD-2026-39943

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/27 4:30 a.m.35 views

CVE-2026-12415 Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS0.00662EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/27 4:30 a.m.16 views

CVE-2026-12415

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-1.30.3-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03225EPSS
Exploits4
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2026-39781

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57632

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

5.4CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-24547

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.4 views

EUVD-2026-39748

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

5.4CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-24547

The vulnerability CVE-2026-24547 affects the WordPress SiteGround Email Marketing plugin (versions up to and including 1.7.5). It is described as Unauthenticated Broken Access Control, indicating that an attacker could access restricted functionality or data without authentication. The CVSS v3.1 ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.35 views

CVE-2026-24547 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.7 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:26 p.m.5 views

EUVD-2026-39418

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:26 p.m.34 views

CVE-2026-13225 Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:26 p.m.14 views

CVE-2026-13225

The provided connected documents confirm CVE-2026-13225 as a Stored XSS in pretix. Malicious HTML content could be injected into the email address field of an order; pretix displays this on the confirmation page for individual tickets without sanitization. Affects pretix’s order confirmation page...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 9:31 a.m.5 views

EUVD-2026-39187

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

8.8CVSS5.8AI score0.00301EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/25 8:2 a.m.6 views

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteGround Email Marketing versions = 1.7.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
Rows per page
Query Builder