Lucene search
K

8725 matches found

NVD
NVD
added 2026/06/18 6:16 a.m.11 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/18 5:34 a.m.10 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References14
CVE
CVE
added 2026/06/18 5:34 a.m.27 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.32 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/18 4:31 a.m.9 views

EUVD-2026-37839

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/18 4:31 a.m.23 views

CVE-2026-12120 FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS0.00331EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/18 12:0 a.m.14 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

0.01316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 12:0 a.m.8 views

EUVD-2026-37919

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:0 a.m.8 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:0 a.m.18 views

CVE-2026-38716

InHand Networks CVE-2026-38716 affects IR912 IR915 devices (V1.0.0.r20042 and earlier). The vulnerability is a command injection in the Python application export function that allows a remote attacker to execute arbitrary commands as root via a crafted input. The CVSS-derived metrics indicate a h...

9.8CVSS6AI score0.01316EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 7:18 p.m.15 views

CVE-2026-55198

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS0.00272EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/06/17 6:3 p.m.10 views

389-ds-base security, bug fix, and enhancement update

An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The ba...

7.5CVSS5.4AI score0.00815EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 5:59 p.m.19 views

CVE-2026-55198 Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 5:59 p.m.17 views

CVE-2026-55198

Hermes WebUI prior to 0.51.443 contains an authorization bypass in the session export endpoint. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, allowing authenticated users to exfiltrate transcripts from other profiles ...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/17 4:45 p.m.6 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:37 p.m.10 views

Malicious code in swift-parse-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8561c6c561b045d817d4fab3aa0754ce7cd767a3c5ec07b95151dda6b92c8 swift-parse-stream advertises itself as an SVG sanitizer/minifier but ships an undocumented getPlugin export in index.js that, when invoked, performs...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:37 p.m.10 views

Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/17 4:37 p.m.7 views

MAL-2026-6066 Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 1:55 a.m.10 views

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:51 a.m.7 views

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS5.4AI score0.00815EPSS
Exploits0References2
Rows per page
Query Builder