257216 matches found
CVE-2026-57810
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...
CVE-2026-57400
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-10551
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash used during HTML minification and an abused regular expression, enabling an attacker to inject arbitrary HTML attributes in the final HTML output by predicting the plac...
CVE-2026-15512
creationtimestamp| type| source ---|---|--- 2026-07-13 00:29:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqigrl4mk42f 2026-07-13 04:23:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqitumodw52l...
EUVD-2026-43256
A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...
CVE-2026-10667
creationtimestamp| type| source ---|---|--- 2026-07-12 17:37:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqhpq4dedf2a 2026-07-12 18:00:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqhqznqyim2i 2026-07-12 19:37:23+00:00| seen|...
CVE-2026-15501
creationtimestamp| type| source ---|---|--- 2026-07-12 13:27:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqhbqvz6lj2a 2026-07-12 13:33:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqhc3qfqzv24 2026-07-12 17:18:02+00:00| seen|...
CVE-2026-56271
creationtimestamp| type| source ---|---|--- 2026-07-12 12:33:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6qvmwwo2y 2026-07-12 12:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hpkdws2f 2026-07-12 12:54:26+00:00| seen|...
EUVD-2026-43236
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...
CVE-2026-15481
creationtimestamp| type| source ---|---|--- 2026-07-12 06:00:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqgisf5b4s23 2026-07-12 06:00:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116905477743159401 2026-07-12 06:51:14+00:00| seen|...
CVE-2026-15476
creationtimestamp| type| source ---|---|--- 2026-07-12 04:36:44+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqge4okj462f 2026-07-12 07:39:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqgocvzdmy26...
CVE-2026-15475
creationtimestamp| type| source ---|---|--- 2026-07-12 03:31:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqgaihgpsb2y 2026-07-12 03:50:11+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqgbjhcmyq2s 2026-07-12 03:57:37+00:00| seen|...
CVE-2026-15476
CVE-2026-15476 affects QILING Disk Master 6.0.0.0 and its Kernel Driver component diskbckp.sys, where an unknown function in that library enables local privilege escalation via improper access controls. The vulnerability is local, with low attack complexity and proof-of-concept exploit maturity r...
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...
Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. id: CVE-2023-1263 info: name: Coming Soon & Maintenance 4.1.7 - Unauthenticated Post/Page Access author: r3Y3r53 severity: medium...
Apache NiFi - Information Disclosure
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
Python Flask-Security-Too <=5.3.2 - Open Redirect
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...
Xsuite <=2.4.4.5 - Open Redirect
Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...
PyArrow Flight RPC - Remote Code Execution
PyArrow Flight RPC from v0.14.0 through v14.0.0 allows remote attackers to execute arbitrary code via a maliciously crafted Python-defined extension type. id: CVE-2023-47248 info: name: PyArrow Flight RPC - Remote Code Execution author: smolse severity: critical description: | PyArrow Flight RPC...
WordPress Front End Users - Reflected XSS
WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...