Lucene search
K

54 matches found

Cvelist
Cvelist
added 9 hours ago6 views

CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...

6.5CVSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:34 p.m.5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/12 7:6 p.m.5 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...

6.4CVSS5.2AI score0.00155EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:1 a.m.5 views

CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

6.8CVSS5.7AI score0.00236EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 2:58 a.m.6 views

CVE-2026-41658 Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

6.5CVSS5.7AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 2:58 a.m.15 views

EUVD-2026-28266

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 2:58 a.m.45 views

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS0.00362EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:53 p.m.6 views

Improper Check for Unusual or Exceptional Conditions

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the stopMembership function. An attacker can cause a denial of administrative...

6.9CVSS5.8AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/10 1:23 a.m.6 views

CVE-2026-39629

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/09 9:45 p.m.5 views

WordPress Advanced CF7 DB plugin <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion vulnerability

Cross-Site Request Forgery to Form Entry Deletion vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

5.4CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.4 views

CVE-2026-24544

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through = 2.0.9...

4.3CVSS5.4AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.4 views

CVE-2025-67933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...

7.1CVSS5.9AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 9:17 a.m.24 views

CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.3 views

EUVD-2025-38141

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.0.9...

6.5AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2025/11/02 7:50 p.m.4 views

MAL-2025-49318 Malicious code in stark-recurser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54520ff73a8cd962cb9ab3db426b6c93987e6b616edf752e0e5f6f346293af1b The package stark-recurser was found to contain malicious code. Source: ossf-package-analysis...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.10 views

CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

8.8CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:25 p.m.8 views

CVE-2025-53459

CVE-2025-53459 is rejected by the CVE Numbering Authority and does not represent an active vulnerability entry.

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/09 4:25 p.m.2 views

CVE-2025-39553 WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in andymoyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9...

4.3CVSS6.5AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder