Lucene search
K

2978 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.7 views

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS5.9AI score0.00811EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.6 views

CVE-2026-6403

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS5.9AI score0.00811EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.51 views

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS0.00811EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/15 7:46 a.m.12 views

EUVD-2026-30517

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS5.9AI score0.00811EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.9 views

WordPress plugin Quick Playground 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS6AI score0.00811EPSS
Exploits0References1
Securelist
Securelist
added 2026/05/14 11:0 a.m.13 views

Kimsuky targets organizations with PebbleDash-based tools

Over the past few months, we have conducted an in-depth analysis of specific activity clusters of Kimsuky aka APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Velvet Chollima, and Springtail, a prolific Korean-speaking threat actor. Our research revealed notable tactical shifts throughout...

6.2AI score
Exploits0
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29546

Improper input validation for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege...

8.5CVSS5.7AI score0.0011EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.15 views

EUVD-2026-29526

Null pointer dereference for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

6.9CVSS5.7AI score0.00101EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 5:33 p.m.41 views

CVE-2026-20767

Improper input validation for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege...

8.5CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 5:16 p.m.33 views

CVE-2026-20771

Null pointer dereference for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

6.9CVSS0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:34 p.m.8 views

CVE-2026-20793

Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...

4.8CVSS5.7AI score0.00096EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.26 views

EUVD-2026-29401

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 9:16 a.m.48 views

CVE-2026-6237

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.6 views

CVE-2026-6237 Quick Table <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:48 a.m.5 views

CVE-2026-6237

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a vulnerability related to input validation. This...

6.9CVSS5.8AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Intel QAT software drivers for Windows 代码问题漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. There are code-related vulnerabilities in Intel QAT software drivers for Windows versions prior to 2.6.0. These vulnerabilities ste...

6.8CVSS5.8AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

WordPress plugin Quick Table 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. The version 2.6 of Intel QAT software drivers for Windows contained a vulnerability related to input validation errors. This...

6.9CVSS5.8AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40083

Improper input validation for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

6.9CVSS5.7AI score0.00099EPSS
Exploits0References2
Rows per page
Query Builder