Lucene search
+L

217 matches found

cve
cve
added last week5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
cve
cve
added 2026/07/01 4:32 a.m.26 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
euvd
euvd
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39747

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 2:53 p.m.4 views

EUVD-2026-39744

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9CVSS0.00328EPSS
Exploits0References1
euvd
euvd
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.20 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.20 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2
osv
osv
added 2026/06/01 7:0 a.m.4 views

CVE-2026-10234 Mettle sendportal Campaign webview cross site scripting

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

5.1CVSS4.4AI score0.00203EPSS
Exploits0References9
euvd
euvd
added 2026/05/28 7:34 a.m.13 views

EUVD-2026-32742

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/22 3:39 a.m.48 views

CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00249EPSS
Exploits0References7
nvd
nvd
added 2026/05/12 8:16 p.m.11 views

CVE-2026-44217

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

8.7CVSS0.00478EPSS
Exploits0References2
osv
osv
added 2026/05/06 2:41 p.m.4 views

BIT-JAVA-MIN-2020-14562

Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

5.3CVSS6.8AI score0.05166EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.14 views

PT-2026-46970

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.21 through 26.00 Description An uninitialized memory disclosure exists in the UEFI capsule .scap parser. The OpenCapsule function allocates a heap buffer based on an attacker-declared CapsuleImageSize up to 1 GiB without...

7.8CVSS5.6AI score0.00277EPSS
Exploits1References33
osv
osv
added 2026/04/13 3:17 p.m.5 views

DEBIAN-CVE-2026-30999

A heap buffer overflow in the avbprintfinalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS6AI score0.00452EPSS
Exploits1References1
nvd
nvd
added 2026/04/08 7:25 p.m.8 views

CVE-2026-34722

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4...

6.9CVSS0.00167EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/08 6:14 p.m.22 views

CVE-2026-34723 Zammad has incorrect access control in getting_started_controller

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...

8.7CVSS0.00443EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/08 6:0 p.m.18 views

CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

2.1CVSS0.00193EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.3 views

PT-2026-31413

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 Description Zammad is a web based open source helpdesk/customer support system. In shared organizations, customers could view fields not intended for customer access, including fields restricted to internal use...

2.1CVSS5.9AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder