Lucene search
K

460443 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61501

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS0.00539EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-61955

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-59515

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-59518

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57787

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...

8.5CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57770

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57738

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57739

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57744

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57724

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS0.00564EPSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-57726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57713

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57702

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.4.2...

9.3CVSS0.004EPSS
Exploits0References1
Rows per page
Query Builder