Lucene search
K

766 matches found

Nuclei
Nuclei
added 14 hours ago71 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS6.1AI score0.01235EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago20 views

Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure

The Hide My WP Ghost plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. id: CVE-2024-6420 info: name: Hide My WP Ghost 5.2.02 - Hidden Login Page Disclosure author: jpg0mez severity: hig...

8.6CVSS6.1AI score0.018EPSS
Exploits1References3
CVE
CVE
added 5 days ago9 views

CVE-2026-22659

FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...

8.1CVSS6.2AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
CVE
CVE
added 5 days ago15 views

CVE-2026-13347

The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-13347 Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
Patchstack
Patchstack
added 5 days ago8 views

WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in express-router-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...

6.1AI score
Exploits0References4
NVD
NVD
added 6 days ago9 views

CVE-2026-6910

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-6910

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
CVE
CVE
added 6 days ago8 views

CVE-2026-6910

Overview : CVE-2026-6910 affects the Bookero.pl online booking plugin for WordPress. Issue : Stored Cross-Site Scripting via the bookero_products shortcode attributes hide_products and filter_products in versions up to 2.2. The root cause is insufficient input sanitization and output escaping in ...

6.4CVSS6.1AI score0.00212EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/07/01 3:1 p.m.5 views

CVE-2026-58027

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS5.8AI score0.00371EPSS
Exploits0
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2026-53829

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with benign prefixes and malicious suffixes to execute unauthorized operations after approval...

8.5CVSS0.00232EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:59 p.m.13 views

Malicious code in @sqlite-node/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6f2c4e3192b71fc68681fbb8c8216a5e581e9f2baaa13954172249a8ddf5b6 The package advertises itself as a SQLite toolkit but ships no SQLite functionality. Its main entry index.js is a single heavily obfuscated module...

6.1AI score
Exploits0References17
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/08 12:0 a.m.9 views

Security update for epiphany (important)

openSUSE Security Update: Security update for epiphany Announcement ID: openSUSE-SU-2026:0193-1 Rating: important References: 1208472 Cross-References: CVE-2023-26081 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

7.5CVSS6.9AI score0.01228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.9 views

CVE-2026-40495

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every...

6.9CVSS5.5AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 8:16 p.m.12 views

CVE-2026-40495

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...

6.9CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 7:38 p.m.6 views

CVE-2026-40495

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every...

6.9CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder