
25068 matches found

EUVD
added 2026/03/08 12:31 a.m. | 5 views

EUVD-2026-10194

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVSS 9 | AI score 6.4 | EPSS 0.00594
Exploits 1 | References 6
CNNVD
added 2026/03/08 12:0 a.m. | 5 views

smart-admin code injection vulnerability

Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.29 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the file...

CVSS 5.4 | AI score 5.7 | EPSS 0.00221
Exploits 1 | References 5
OSV
added 2026/03/07 11:15 p.m. | 4 views

CVE-2026-3679

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVSS 8.8 | AI score 8 | EPSS 0.00594
Exploits 1 | References 5
ATTACKERKB
added 2026/03/07 10:32 p.m. | 2 views

CVE-2026-3679

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVSS 9 | AI score 6.4 | EPSS 0.00594
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2026/03/07 10:32 p.m. | 1 view

CVE-2026-3679 Tenda FH451 QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

CVSS 9 | AI score 8 | EPSS 0.00594
Exploits 1 | References 5
Patchstack
added 2026/03/07 9:45 p.m. | 7 views

WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by davidfdzmorilla in WordPress Plugin Contact Form by WPForms versions <= 1.9.9.3...

CVSS 4.3 | AI score 5.8 | EPSS 0.00172
Exploits 0 | Affected Software 1
EUVD
added 2026/03/07 9:30 a.m. | 7 views

EUVD-2026-10136

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 4
NVD
added 2026/03/07 8:16 a.m. | 5 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | EPSS 0.00193
Exploits 0 | References 3
NVD
added 2026/03/07 8:16 a.m. | 7 views

CVE-2026-1073

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...

CVSS 4.3 | EPSS 0.00126
Exploits 0 | References 3
CVE
added 2026/03/07 7:22 a.m. | 13 views

CVE-2026-1073

CVE-2026-1073 is a CSRF vulnerability in the WordPress plugin Purchase Button For Affiliate Link (versions up to 1.0.2). The issue arises from missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php, enabling unauthenticated attackers to modify plugin setti...

CVSS 4.3 | AI score 5.6 | EPSS 0.00126
Exploits 0 | References 3
ATTACKERKB
added 2026/03/07 7:22 a.m. | 3 views

CVE-2026-1073

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...

CVSS 4.3 | AI score 5.6 | EPSS 0.00126
Exploits 0 | References 4
CVE
added 2026/03/07 7:22 a.m. | 10 views

CVE-2026-2420

CVE-2026-2420 (LotekMedia Popup Form, WordPress): Stored XSS in plugin settings affecting all versions up to 1.0.6. Exploitation requires Administrator+ privileges; payload executes on frontend pages displaying the popup. Connected docs confirm the issue and affected version range; no explicit f...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 3
Cvelist
added 2026/03/07 7:22 a.m. | 34 views

CVE-2026-2420 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | EPSS 0.00193
Exploits 0 | References 3
ATTACKERKB
added 2026/03/07 7:22 a.m. | 3 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 4
Vulnrichment
added 2026/03/07 7:22 a.m. | 3 views

CVE-2026-2420 LotekMedia Popup Form <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 3
EUVD
added 2026/03/07 6:31 a.m. | 6 views

EUVD-2025-208352

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 4
Vulnrichment
added 2026/03/07 5:46 a.m. | 3 views

CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 3
ATTACKERKB
added 2026/03/07 5:46 a.m. | 2 views

CVE-2025-8899

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 4
Cvelist
added 2026/03/07 5:46 a.m. | 32 views

CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | EPSS 0.0037
Exploits 0 | References 3
CVE
added 2026/03/07 5:46 a.m. | 16 views

CVE-2025-8899

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams WordPress plugin is vulnerable to privilege escalation in all versions up to and including 7.3.20. The root cause is videowhisper_register_form() not restricting user roles during registration, allowing authenticated users with Author-level...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 3