Lucene search
K

590 matches found

NVD
NVD
added 2026/05/27 2:16 a.m.18 views

CVE-2026-7493

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 1:26 a.m.36 views

CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 1:26 a.m.33 views

CVE-2026-7493

The CVE concerns the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin . Affected versions are all up to and including 1.6.11.5 . The root cause is a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP’s sleep() with a user-supplied...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43478

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:45 a.m.9 views

CVE-2026-9524

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 2:45 a.m.11 views

CVE-2026-9524 xianrendzw EasyReport REST Endpoint execute sql injection

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 2:45 a.m.21 views

CVE-2026-9524

The CVE-2026-9524 entry concerns xianrendzw EasyReport (up to 2.0.17.0522_Beta). The vulnerable component is the REST Endpoint’s execute function, where manipulating the argument reportParams can cause SQL injection. This vulnerability enables remote execution with LOW privileges required and no ...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 2:45 a.m.12 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

EasyReport SQL注入漏洞

EasyReport is a simple and easy-to-use web reporting tool developed by TomDeng. Versions of EasyReport 2.0.17.0522Beta and earlier have a SQL injection vulnerability. This vulnerability stems from improper handling of the reportParams parameter in the execute function of the REST Endpoint...

6.5CVSS6.8AI score0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 3:49 a.m.9 views

CVE-2026-2734

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5CVSS6.5AI score0.00441EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/20 8:23 a.m.46 views

CVE-2026-9065 Surecart - SQL Injection

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

9.3CVSS0.00338EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 4:17 p.m.20 views

Server-side Request Forgery (SSRF)

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /rest/dynamic-node-parameters/options endpoint. An attacker can redirect responses to a server under their control by sending a specially crafted...

7.4CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 3:27 a.m.7 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/14 3:27 a.m.13 views

EUVD-2026-30218

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29958

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technica...

6.9CVSS5.5AI score0.00886EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.11 views

CVE-2026-41954

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...

6.9CVSS0.00294EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.7 views

CVE-2026-24464

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technica...

6.9CVSS5.5AI score0.00886EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.9 views

CVE-2026-34176

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.5AI score0.00692EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40632

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When running in Appliance mode, a directory traversal issue exists in an undisclosed iControl REST endpoint. This allows...

6.9CVSS5.5AI score0.00886EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 9:31 a.m.11 views

EUVD-2026-29407

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permissioncallback of 'returntrue', which bypasses all...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References6
Rows per page
Query Builder