25071 matches found

ATTACKERKB
added 2026/03/07 5:46 a.m. | 2 views

CVE-2025-8899

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits: 0 | References: 4

Cvelist
added 2026/03/07 5:46 a.m. | 32 views

CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to the videowhisper_register_form function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | EPSS 0.0037
Exploits: 0 | References: 3

CVE
added 2026/03/07 5:46 a.m. | 16 views

CVE-2025-8899

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams WordPress plugin is vulnerable to privilege escalation in all versions up to and including 7.3.20. The root cause is videowhisper_register_form() not restricting user roles during registration, allowing authenticated users with Author-level...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits: 0 | References: 3

Patchstack
added 2026/03/07 2:32 a.m. | 6 views

WordPress LotekMedia Popup Form plugin <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Hieus in WordPress Plugin LotekMedia Popup Form versions <= 1.0.6...

CVSS 4.4 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/03/07 1:44 a.m. | 6 views

CVE-2026-3613

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly...

CVSS 8.6 | AI score 7.5 | EPSS 0.00709
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/07 12:0 a.m. | 7 views

PT-2026-23828

Name of the Vulnerable Software and Affected Versions Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress versions through 7.3.20 Description The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is susceptible to a privilege escalation issue. The...

CVSS 8.8 | AI score 5.8 | EPSS 0.0037
Exploits: 0 | References: 11

Positive Technologies
added 2026/03/07 12:0 a.m. | 9 views

PT-2026-23834

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...

CVSS 4.3 | AI score 5.6 | EPSS 0.00126
Exploits: 0 | References: 4

CNNVD
added 2026/03/07 12:0 a.m. | 6 views

WordPress plugin LotekMedia Popup Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.4 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/07 12:0 a.m. | 13 views

PT-2026-23888

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack-based buffer overflow exists in the formQuickIndex function of the /goform/QuickIndex file. Manipulation of the mit linktype/PPPOEPassword argument can trigger this issue, allowing for remote...

CVSS 9 | AI score 7.7 | EPSS 0.00594
Exploits: 1 | References: 11

Tenable Nessus
added 2026/03/07 12:0 a.m. | 3 views

SUSE SLES16 Security Update : go1.24-openssl (SUSE-SU-2026:20629-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20629-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled...

CVSS 10 | AI score 7.2 | EPSS 0.01945
Exploits: 4 | References: 63

RedhatCVE
added 2026/03/06 7:45 p.m. | 6 views

CVE-2026-3459

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

CVSS 8.1 | AI score 6.4 | EPSS 0.00553
Exploits: 0 | References: 1

RedHat Linux
added 2026/03/06 4:36 p.m. | 3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.01945
Exploits: 0 | References: 8

EUVD
added 2026/03/06 3:31 p.m. | 8 views

EUVD-2018-21617

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files...

CVSS 7.1 | AI score 6.2 | EPSS 0.00444
Exploits: 0 | References: 3

EUVD
added 2026/03/06 12:30 p.m. | 5 views

EUVD-2026-10028

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request with the victim's privileges. This software does not implement any protection against this type of attack. Al...

CVSS 5.1 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/06 7:52 a.m. | 4 views

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVSS 7.2 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1

Patchstack
added 2026/03/06 7:35 a.m. | 10 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.9.5...

CVSS 8.1 | AI score 5.8 | EPSS 0.00553
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/03/06 7:29 a.m. | 8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'download_csv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions <= 1.4.7...

CVSS 9.8 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc12512...

CVSS 10 | AI score 7.1 | EPSS 0.01945
Exploits: 4 | References: 62

Tenable Nessus
added 2026/03/06 12:0 a.m. | 4 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.12 (RHSA-2026:3891)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3891 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.6 | AI score 7.7 | EPSS 0.0217
Exploits: 1 | References: 27

EUVD
added 2026/03/05 9:30 p.m. | 5 views

EUVD-2026-9865

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

CVSS 8.1 | AI score 6.6 | EPSS 0.00553
Exploits: 0 | References: 5