Lucene search
K

957 matches found

Nuclei
Nuclei
added 19 hours ago45 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS6.1AI score0.01323EPSS
Exploits1References4
CVE
CVE
added 2 days ago7 views

CVE-2026-13010

The CVE-2026-13010 entry concerns the JoomSport plugin for WordPress (Team & League, Football, Hockey & more). Affected versions: all up to and including 5.7.9. Vulnerability type: time-based SQL Injection via the 'event' shortcode attribute, caused by insufficient escaping of the user-supplied p...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-42860

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References4
OSV
OSV
added 2026/07/05 5:19 a.m.9 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00156EPSS
Exploits0
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69155

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41265

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.44 views

CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/30 1:26 p.m.5 views

WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fitness Zone WordPress Theme versions = 5.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/22 2:0 p.m.3 views

MINI-MX7M-PFRJ-5X7M

Bulletin has no description...

8CVSS5.8AI score0.00472EPSS
Exploits0
CVE
CVE
added 2026/06/17 7:42 p.m.44 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions

9.1CVSS5.3AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 5:7 p.m.8 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS5.3AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50174

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description The MicrosoftAgent365Trigger and StripeTrigger nodes fail to validate inbound requests. This allows an unauthenticated attacker with knowledge of the webhook URL to submit a...

7.2CVSS6AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36839

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:4 p.m.9 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.14 views

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS5.4AI score0.00131EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42266

A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...

8.8CVSS6.4AI score0.0053EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.20 views

PHP 8.5.x < 8.5.7 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.7 advisory. - In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. CVE-2026-44928 - In uriparse...

5.3CVSS5.6AI score0.00211EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/03 1:22 p.m.9 views

WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AutomatorWP versions = 5.7.2...

7.1CVSS5.5AI score0.00175EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection...

7.5CVSS5.6AI score0.00308EPSS
Exploits0References4
Rows per page
Query Builder