
230107 matches found

Cvelist
added yesterday, 30 views

CVE-2026-57766 WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions...

8.8 CVSS
Exploits: 0, References: 1

ATTACKERKB
added yesterday, 6 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added yesterday, 7 views

CVE-2026-57758

CVE-2026-57758 corresponds to an unauthenticated CSRF in the WordPress Permalink Manager for WooCommerce plugin, affecting versions

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

EUVD
added yesterday, 3 views

EUVD-2026-41314

Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 26 views

CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions...

7.1 CVSS
Exploits: 0, References: 1

ATTACKERKB
added yesterday, 5 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added yesterday, 5 views

CVE-2026-57345

The CVE-2026-57345 entry concerns WordPress Internal Links Manager plugin versions <= 3.0.3 and describes an Unauthenticated Cross Site Scripting (XSS) vulnerability. The connected Patchstack reference confirms an XSS flaw in WordPress Internal Links Manager

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 26 views

CVE-2026-57345 WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions...

7.1 CVSS
Exploits: 0, References: 1

NVD
added yesterday, 6 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4 CVSS, 0.00263 EPSS
Exploits: 0, References: 8

Nuclei
added yesterday, 53 views

IBM Operational Decision Manager - Java Deserialization

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to...

9.8 CVSS, 7.7 AI score, 0.73398 EPSS
Exploits: 0, References: 2

Nuclei
added yesterday, 56 views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

10 CVSS, 7.6 AI score, 0.68293 EPSS
Exploits: 1, References: 5

Nuclei
added yesterday, 20 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...

9.8 CVSS, 7.7 AI score, 0.89738 EPSS
Exploits: 1, References: 2

Nuclei
added yesterday, 31 views

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution

Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...

8.8 CVSS, 8.1 AI score, 0.7699 EPSS
Exploits: 6, References: 5

Nuclei
added yesterday, 37 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8 CVSS, 7.4 AI score, 0.17313 EPSS
Exploits: 2, References: 5

Patchstack
added yesterday, 7 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions <= 3.5.6...

8.8 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1

Patchstack
added yesterday, 8 views

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions <= 1.0.8.2...

7.1 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1

CVE
added yesterday, 5 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...

4.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 8

EUVD
added yesterday, 4 views

EUVD-2026-41269

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 8

OSV
added yesterday, 8 views

ROOT-APP-NPM-CVE-2026-39365 CVE-2026-39365 in @rootio/vite - Patched by Root

Root has patched CVE-2026-39365 in the @rootio/vite package for Root:npm. Multiple fixed versions available...

5.3 CVSS, 5.8 AI score, 0.00914 EPSS
Exploits: 1

CVE
added yesterday, 8 views

CVE-2026-11578

The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...

2.7 CVSS, 5.8 AI score, 0.00132 EPSS
Exploits: 0, References: 1