Lucene search
+L

3005 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.30 views

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References7
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25374

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS0.00785EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Softneta MedDream PACS Server Premium SQL注入漏洞

Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A SQL injection vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from malicious code injection via email parameters and could lead to execution of...

8.8CVSS6.2AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Softneta MedDream PACS Server Premium 路径遍历漏洞

Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A path traversal vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from a directory traversal and could allow an unauthenticated attacker to read...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References3
HackRead
HackRead
added 2026/05/21 11:41 a.m.26 views

Android Malware Spotted Subscribing Victims to Paid Services Without Consent

Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/20 5:16 a.m.18 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 4:27 a.m.48 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 4:27 a.m.32 views

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 9:31 p.m.10 views

EUVD-2026-28827

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 8:22 p.m.8 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 8:22 p.m.11 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 8:22 p.m.50 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS0.0035EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

MailEnable Enterprise Premium 安全漏洞

MailEnable Enterprise Premium is a suite of POP3 and SMTP email servers provided by the Australian company MailEnable. Versions of MailEnable Enterprise Premium 10.55 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the WebAdmin mobile...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27548

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 9:27 a.m.17 views

CVE-2026-1719

CVE-2026-1719 concerns the Gravity Bookings Premium WordPress plugin. Affected: Gravity Bookings Premium plugin for WordPress (versions up to and including 2.5.9). Issue: SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query, enabli...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 9:27 a.m.6 views

CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 9:27 a.m.7 views

CVE-2026-1719

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 9:27 a.m.34 views

CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.12 views

WordPress plugin Gravity Bookings Premium SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder