Lucene search
K

2887 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57803

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-57745

CVE-2026-57745 concerns a Reflected Cross-Site Scripting vulnerability in the WordPress RT-Theme 18 Extensions (rt18-extensions) plugin, affecting version <= 2.5. The issue is described as improper neutralization of input during web page generation, enabling reflected XSS. Affected product/com...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57745 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-15072 KiviCare <= 4.5.0 - Authenticated (Doctor+) SQL Injection via 'orderby' Parameter in KCQueryBuilder

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00281EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-57402

Name of the Vulnerable Software and Affected Versions Print, PDF, Email by PrintFriendly for WordPress versions prior to 5.5.11 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access and...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References11
CVE
CVE
added 4 days ago10 views

CVE-2026-55474

Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-15300

CVE-2026-15300 affects the GEO my WP WordPress plugin up to version 4.5.4. An SQL injection exists via the distance, lat, and lng parameters. Values are read from $_SERVER['QUERY_STRING'] with parse_str(), then passed through bare esc_sql() and interpolated into unquoted numeric positions in the ...

9.1CVSS6AI score0.00349EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
CVE
CVE
added 5 days ago21 views

CVE-2026-14245

The CVE-2026-14245 entry concerns the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1). The root cause is that um_reset_password_process_hook() performs no server-side verification of OTP completion and relies on a public form_nonc...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
Snyk
Snyk
added 6 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/06 2:10 p.m.6 views

WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin RT-Theme 18 | Extensions versions = 2.5...

8.1CVSS5.9AI score0.00557EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:55 p.m.6 views

WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin RT-Theme 18 | Extensions versions = 2.5...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/02 8:32 p.m.9 views

EUVD-2026-37821

Steeltoe: OAEP setting silently selects PKCS1 v1.5 padding...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/02 3:24 p.m.7 views

WordPress Struktur Core plugin <= 2.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Struktur Core versions = 2.5.1...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-42382

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
Rows per page
Query Builder