Lucene search
K

13 matches found

CVE
CVE
added yesterday10 views

CVE-2026-57810

CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago5 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Averon Averenkov in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.4...

8.5CVSS6.1AI score0.00357EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 8:17 p.m.11 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS0.00223EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.7.4 (RHSA-2021:0958)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0958 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 Note that Nessus has not tested for this issue but has inste...

6.5CVSS5.8AI score0.02689EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:45 p.m.3 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 7:53 p.m.4 views

GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS5.8AI score0.00316EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.5 views

WordPress plugin WP ULike 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.6AI score0.00207EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/25 6:57 a.m.4 views

WordPress WP ULike plugin < 4.7.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP ULike versions 4.7.4...

4.8CVSS6.1AI score0.00373EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

WordPress plugin WP ULike 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6.5AI score0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.6 views

PT-2024-38654 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike versions prior to 4.7.4 Description: The issue is related to the WP ULike WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as administrators, to perform...

4.8CVSS6.1AI score0.00373EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/03/30 1:44 a.m.4 views

SUSE CVE-2023-26437

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3...

5.3CVSS7AI score0.00593EPSS
Exploits0References5
CNVD
CNVD
added 2019/07/18 12:0 a.m.3 views

Pluck Code Issue Vulnerability

Pluck is a content management system CMS developed using the PHP language. A code issue vulnerability exists in the data/inc/images.php file in Pluck 4.7.4 and earlier versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or...

9.8CVSS7.2AI score0.01808EPSS
Exploits0References1
Rows per page
Query Builder