994 matches found

NVD
added 6 hours ago, 3 views

CVE-2026-57355

Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...

6.5 CVSS
Exploits: 0, References: 1
NVD
added 6 hours ago, 2 views

CVE-2026-27425

Unauthenticated Cross Site Scripting XSS in Automotive Listings <= 18.6 versions...

7.1 CVSS
Exploits: 0, References: 1
Cvelist
added 8 hours ago, 3 views

CVE-2026-27425 WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automotive Listings <= 18.6 versions...

7.1 CVSS
Exploits: 0, References: 1
CVE
added 8 hours ago, 5 views

CVE-2026-27425

Unauthenticated Cross Site Scripting XSS in Automotive Listings <= 18.6 versions...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
Nuclei
added 9 hours ago, 38 views

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3 CVSS, 7.2 AI score, 0.00887 EPSS
Exploits: 0, References: 2
NVD
added yesterday, 6 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3 CVSS, 0.00232 EPSS
Exploits: 0, References: 8
EUVD
added yesterday, 6 views

EUVD-2026-40935

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3 CVSS, 5.9 AI score, 0.00232 EPSS
Exploits: 0, References: 8
Cvelist
added yesterday, 24 views

CVE-2026-12435 Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3 CVSS, 0.00232 EPSS
Exploits: 0, References: 8
NVD
added 2 days ago, 9 views

CVE-2026-58371

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper weed/server/common.go, with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON...

3.1 CVSS, 0.0021 EPSS
Exploits: 0, References: 5
Patchstack
added 3 days ago, 4 views

WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions <= 18.6...

7.1 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1
EUVD
added 5 days ago, 8 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3 CVSS, 5.7 AI score, 0.00271 EPSS
Exploits: 0, References: 14
Fedora
added 5 days ago, 3 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2 CVSS, 6.9 AI score, 0.03299 EPSS
Exploits: 4
EUVD
added 6 days ago, 7 views

EUVD-2025-210347

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

5.3 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/23 8:11 p.m., 27 views

CVE-2026-23513 FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1 CVSS, 0.00282 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/23 8:11 p.m., 11 views

CVE-2026-23513

CVE-2026-23513 affects FOSSBilling prior to 0.8.0. A query-construction flaw in client list endpoints (ServiceTransaction::getSearchQuery and Order\Service::getSearchQuery) fails to group OR-based filters, allowing authenticated clients to bypass tenant scoping and retrieve other clients’ data (i...

7.1 CVSS, 5.9 AI score, 0.00282 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/23 6:18 p.m., 12 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4 CVSS, 0.00146 EPSS
Exploits: 1, References: 4
Cvelist
added 2026/06/23 5:3 p.m., 34 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3 CVSS, 0.00146 EPSS
Exploits: 1, References: 3
EUVD
added 2026/06/23 5:3 p.m., 6 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3 CVSS, 6 AI score, 0.00146 EPSS
Exploits: 1, References: 3
Debian CVE
added 2026/06/23 5:3 p.m., 7 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4 CVSS, 6 AI score, 0.00146 EPSS
Exploits: 1
CVE
added 2026/06/23 5:3 p.m., 13 views

CVE-2026-50221

CVE-2026-50221 affects OpenStack Swift prior to 2.37.2, where proxy-server fails to strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding to object-servers. An authenticated user with write access can inje...

5.4 CVSS, 6 AI score, 0.00146 EPSS
Exploits: 1, References: 4, Affected Software: 1