Lucene search
K

8327 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/27 5:33 a.m.7 views

CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References9
CVE
CVE
added 2026/06/27 5:33 a.m.21 views

CVE-2026-12404

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to and including 9.2.2 are vulnerable to an authorization bypass due to improper verification of user permissions. This allows unauthenticated attackers to enumerate sequential report IDs and download complete f...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/27 5:33 a.m.38 views

CVE-2026-12404 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 7:17 p.m.11 views

EUVD-2026-37512

pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses incomplete fix of CVE-2026-46678...

6.8CVSS5.8AI score0.00332EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57312

Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56069

Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...

7.5CVSS0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-57312 WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39725

Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2026-57312

CVE-2026-57312 affects the WordPress plugin Everest Forms up to version 3.4.8 . The connected documents describe an unauthenticated Cross-Site Scripting (XSS) vulnerability, identified as a reflected XSS in CVE-2026-57312. The exact vectors, input points, and root cause details are not provided i...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56069 WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...

7.5CVSS0.003EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39722

Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56069

This CVE concerns the WordPress Toolset Forms plugin (versions up to 2.6.24). The issue is an Unauthenticated Insecure Direct Object Reference (IDOR) in Toolset Forms, allowing access to objects without authentication. The CVSS 3.1 vector indicates network attack, low attack complexity, no privil...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:42 a.m.9 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.34 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:42 a.m.12 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

The use of after-free in Forms in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00323EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/24 8:43 a.m.6 views

WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/24 8:38 a.m.7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS6AI score0.00376EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9179

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
Rows per page
Query Builder