Lucene search
+L

140 matches found

nvd
nvd
added 5 days ago9 views

CVE-2026-15500

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
cve
cve
added 5 days ago12 views

CVE-2026-15500

AstrBotDevs AstrBot (

6.5CVSS6.4AI score0.00209EPSS
Exploits0References6
cve
cve
added 2026/06/30 3:51 p.m.14 views

CVE-2026-58167

Nightingale (n9e) prior to 9.0.0-beta.2 exposes full datasource configurations (plaintext DB passwords, HTTP Bearer tokens, HTTP Basic passwords, and mTLS keys) via POST /api/n9e/datasource/list to any authenticated low-privilege user. The route lacks an admin gate and the DatasourceFilter does n...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/29 5:24 p.m.8 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
nvd
nvd
added 2026/06/24 7:16 a.m.14 views

CVE-2026-9179

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
cve
cve
added 2026/06/24 5:33 a.m.18 views

CVE-2026-9179

Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
euvd
euvd
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38661

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.16 views

PT-2026-51693

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References6
euvd
euvd
added 2026/06/08 12:30 a.m.12 views

EUVD-2026-34995

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.9AI score0.0022EPSS
Exploits0References8
nvd
nvd
added 2026/06/07 11:16 p.m.9 views

CVE-2026-11464

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS0.0022EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/06/07 10:30 p.m.12 views

CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.9AI score0.0022EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/07 10:30 p.m.9 views

CVE-2026-11464

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References7
osv
osv
added 2026/06/07 10:30 p.m.2 views

CVE-2026-11464 JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

2.3CVSS5.2AI score0.0022EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/06/07 12:0 a.m.14 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...

3.1CVSS4.7AI score0.0022EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS5.6AI score0.00185EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 3:12 p.m.17 views

EUVD-2026-33339

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

4.8CVSS5.9AI score0.00185EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/29 3:12 p.m.11 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

4.8CVSS5.9AI score0.00185EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/29 3:12 p.m.40 views

CVE-2026-33386 XSS in QuickCMS

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS0.00185EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.11 views

QuickCMS 跨站脚本漏洞

QuickCMS is an open-source content management system developed by QuickCMS. QuickCMS has a cross-site scripting vulnerability. This vulnerability stems from an insecure HTTP-based plugin acquisition mechanism that makes it vulnerable to cross-site scripting attacks. Malicious attackers can...

4.8CVSS5.7AI score0.00185EPSS
Exploits0References2
Rows per page
Query Builder