Lucene search
K

6276 matches found

Circl
Circl
added 2026/01/02 6:0 a.m.6 views

CVE-2025-15428

creationtimestamp| type| source ---|---|--- 2026-01-02 06:00:26+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbg7qiihyt2p 2026-01-02 07:43:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbgfjlltmq2e 2026-01-02 18:53:57+00:00| seen|...

9CVSS8.1AI score0.00811EPSS
Exploits1References2
Circl
Circl
added 2026/01/02 3:43 a.m.12 views

CVE-2025-14998

creationtimestamp| type| source ---|---|--- 2026-01-02 03:43:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbfy42vpmw2u 2026-01-02 03:49:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbfygjrrqv2p 2026-01-02 07:47:35+00:00| seen|...

9.8CVSS5.7AI score0.00541EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.10 views

PT-2026-1107

Name of the Vulnerable Software and Affected Versions code-projects Content Management System version 1.0 Description A security issue exists in code-projects Content Management System. The manipulation of the image argument in a file, /admin/edit posts.php, allows for unrestricted file upload...

5.8CVSS6.2AI score0.00305EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.6 views

PT-2026-1117

Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog version 2.5.23’s article creation functionality is susceptible to cross-site request forgery CSRF. This allows an attacker to force a user to post an article containing arbitrary content. When combined wi...

8.3CVSS6.3AI score0.00151EPSS
Exploits1References6
Circl
Circl
added 2026/01/01 5:57 p.m.6 views

CVE-2025-68272

creationtimestamp| type| source ---|---|--- 2026-01-01 17:57:40+00:00| published-proof-of-concept| https://github.com/SignalK/signalk-server/security/advisories/GHSA-7rqc-ff8m-7j23 2026-01-01 18:22:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbeyppmdz32z 2026-01-01...

7.5CVSS5.7AI score0.00519EPSS
Exploits1References5
Circl
Circl
added 2026/01/01 5:54 p.m.4 views

CVE-2025-66398

creationtimestamp| type| source ---|---|--- 2026-01-01 17:54:57+00:00| published-proof-of-concept| https://github.com/SignalK/signalk-server/security/advisories/GHSA-w3x5-7c4c-66p9 2026-01-01 18:21:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbeypj7h5c2p 2026-01-01...

9.6CVSS6AI score0.17934EPSS
Exploits3References7
Circl
Circl
added 2026/01/01 5:54 p.m.8 views

CVE-2025-68620

creationtimestamp| type| source ---|---|--- 2026-01-01 17:54:21+00:00| published-proof-of-concept| https://github.com/SignalK/signalk-server/security/advisories/GHSA-fq56-hvg6-wvm5 2026-01-01 20:01:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbf6bouxuo2u 2026-01-01...

9.1CVSS5.7AI score0.00492EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/01 6:25 a.m.13 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS6.9AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 5:32 a.m.13 views

CVE-2025-49354

Cross-Site Request Forgery CSRF vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through = 1.4...

7.1CVSS5.9AI score0.00096EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/01 3:20 a.m.6 views

WordPress User Submitted Posts plugin <= 20251121 - Open Redirection vulnerability

Open Redirection vulnerability discovered by benzdeus in WordPress Plugin User Submitted Posts versions = 20251121...

6.1CVSS6.7AI score0.00475EPSS
Exploits0Affected Software1
Circl
Circl
added 2025/12/31 8:56 p.m.5 views

CVE-2025-30628

creationtimestamp| type| source ---|---|--- 2025-12-31 20:56:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbcqvtpyen2y 2025-12-31 21:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbcr4nd4cw2u 2026-01-02 08:03:39+00:00| seen|...

8.5CVSS4.8AI score0.00215EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/31 1:7 p.m.14 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.4 views

CVE-2025-68996

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through = 15...

7.5CVSS7.1AI score0.00378EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 6:30 a.m.4 views

EUVD-2025-205885

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.4AI score0.00245EPSS
Exploits0References3
NVD
NVD
added 2025/12/31 6:15 a.m.5 views

CVE-2025-49354

Cross-Site Request Forgery CSRF vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through = 1.4...

7.1CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 6:15 a.m.5 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 6:0 a.m.29 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 6:0 a.m.16 views

CVE-2025-14434

CVE-2025-14434 affects the WordPress plugin “Ultimate Post Kit Addons for Elementor” (versions prior to 4.0.16). The issue arises from multiple AJAX endpoints (e.g., loadmore posts) that do not verify whether targeted posts are published, enabling an unauthenticated attacker to query arbitrary po...

5.3CVSS6.5AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 6:0 a.m.4 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

6.5AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 5:30 a.m.10 views

CVE-2025-49354

Technical details for CVE-2025-49354 are not provided in the supplied documents; no product, vendor, impact, or remediation specifics are disclosed here. Monitor for official updates.

7.1CVSS5.9AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder