Lucene search
K

457711 matches found

CVE
CVE
added 2026/06/16 9:3 p.m.17 views

CVE-2026-11409

The CVE-2026-11409 entry concerns an authenticated OS command injection in the IPv6 PPPoE configuration handler of TL-WR940N v6. The vulnerability arises from improper sanitization of user input, allowing an authenticated attacker with administrative access to execute arbitrary system commands wi...

8.5CVSS5.8AI score0.02787EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:3 p.m.19 views

CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 9:3 p.m.12 views

CVE-2026-11410

The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...

8.5CVSS5.8AI score0.02787EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/16 9:2 p.m.9 views

GHSA-7CX2-G3H9-382P Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server

Summary Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath. 1. Arbitrary file write via outputpath symlink / TOCTOU primary POST /screenshot and POST /pdf accept an outputpath constrained to...

8.1CVSS5.7AI score0.00656EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 8:57 p.m.25 views

CVE-2026-49080

CVE-2026-49080 : Unauthenticated SQL Injection affecting the WordPress plugin wpDataTables, version

9.3CVSS5.7AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2026-49080 WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

9.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.19 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.11 views

CVE-2026-40761

WordPress Theme Valeska &lt;= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.18 views

CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold = 1.5 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.19 views

CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée = 1.4 versions...

8.1CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2026-40759

CVE-2026-40759 affects WordPress Esmée theme versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.10 views

CVE-2026-40760

WordPress Behold theme

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.18 views

CVE-2026-40758 WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Léonie = 1.2.1 versions...

8.1CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.11 views

CVE-2026-40758

The CVE concerns WordPress Léonie theme versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin = 1.4 versions...

8.1CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.11 views

CVE-2026-40754

CVE-2026-40754 concerns the WordPress Roisin theme (versions &lt;= 1.4) with unauthenticated PHP Object Injection. Public references describe an object-injection vulnerability in Roisin

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.13 views

CVE-2026-40755

CVE-2026-40755 affects WordPress TechLink theme versions

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2026-40755 WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink = 1.3 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.21 views

CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...

8.1CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.11 views

CVE-2026-40751

CVE-2026-40751 affects WordPress Theme Ashtanga versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder