52 matches found

EUVD
added 2026/06/17 6:35 p.m. | 7 views

EUVD-2026-37672

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

CVSS 8.1 | AI score 5.2 | EPSS 0.00423
Exploits: 0 | References: 2

NVD
added 2026/06/17 2:17 p.m. | 8 views

CVE-2025-69174

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

CVSS 8.1 | EPSS 0.00348
Exploits: 0 | References: 1

NVD
added 2026/06/17 2:17 p.m. | 11 views

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

CVSS 9.8 | EPSS 0.00386
Exploits: 0 | References: 1

NVD
added 2026/06/15 9:16 p.m. | 5 views

CVE-2026-39447

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments = 1.6.10.6 versions...

CVSS 7.1 | EPSS 0.00237
Exploits: 0 | References: 1

CVE
added 2026/06/12 11:52 a.m. | 18 views

CVE-2026-47195

CVE-2026-47195 affects the Quest Bot (Discord bot). Prior to version 1.1.6, purge and slowmode commands check only guild-level permissions, not the invoking member’s channel-level permissions. A user without channel moderation rights could still delete messages or modify slowmode via the bot. The...

CVSS 7.1 | AI score 5.3 | EPSS 0.00215
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/12 12:0 a.m. | 16 views

PT-2026-48858

Quest Bot is an open-source Discord bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

CVSS 7.1 | AI score 5.3 | EPSS 0.00215
Exploits: 0 | References: 3

Patchstack
added 2026/05/26 8:46 p.m. | 9 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions <= 1.6...

CVSS 4.8 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/26 6:57 p.m. | 9 views

WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions <= 1.6...

CVSS 4.3 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/08 1:19 p.m. | 14 views

CVE-2026-41496

CVE-2026-41496 affects PraisonAI’s multi‑agent system where 9 conversation backends (MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB) pass table_prefix directly into SQL, enabling unvalidated injection points (52 total). Root cause mirrors CVE-2026-40315 ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00347
Exploits: 1 | References: 1 | Affected Software: 2

EUVD
added 2026/04/16 9:31 a.m. | 4 views

EUVD-2025-209493

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00412
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/15 12:0 a.m. | 6 views

PT-2026-33079

Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover versions n/a through 1.6.0. Description: A Cross-Site Request Forgery (CSRF) flaw allows an attacker to induce a user to perform actions they did not intend to do. Recommendations: At the moment, there is no informatio...

CVSS 4.3 | AI score 5.2 | EPSS 0.00107
Exploits: 0 | References: 6

CVE
added 2026/04/08 8:30 a.m. | 7 views

CVE-2026-39668

The CVE-2026-39668 entry covers a Missing Authorization (Broken Access Control) vulnerability in the g5theme Book Previewer for Woocommerce plugin for WordPress, affected through version 1.0.6. The underlying issue is incorrectly configured access control, enabling potential unauthorized access t...

CVSS 5.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:9 p.m. | 5 views

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVSS 7.5 | AI score 5.8 | EPSS 0.00393
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 4:15 p.m. | 3 views

CVE-2026-32502

Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection. This issue affects Borgholm: from n/a through 1.6...

AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 2

Patchstack
added 2026/03/23 7:1 p.m. | 8 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability

Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions <= 1.6...

CVSS 7.2 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/23 12:46 p.m. | 27 views

CVE-2026-4588 kalcaddle kodbox Site-level API key shareOut.class.php shareSafeGroup hard-coded key

A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...

CVSS 6.3 | EPSS 0.00268
Exploits: 0 | References: 4

CNNVD
added 2026/03/05 12:0 a.m. | 8 views

WordPress plugin Verdure security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 1

NVD
added 2026/02/20 4:22 p.m. | 11 views

CVE-2026-22367

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion. This issue affects Coworking: from n/a through = 1.6.1...

CVSS 8.1 | EPSS 0.00561
Exploits: 0 | References: 1

NVD
added 2026/02/11 9:15 a.m. | 17 views

CVE-2026-1748

The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 4.3 | EPSS 0.00309
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/10 6:16 p.m. | 4 views

CVE-2026-21342 Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3 | EPSS 0.00176
Exploits: 0 | References: 1