Lucene search
K

257216 matches found

CVE
CVE
added 2 hours ago6 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago3 views

CVE-2026-57400

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash used during HTML minification and an abused regular expression, enabling an attacker to inject arbitrary HTML attributes in the final HTML output by predicting the plac...

6.2AI score
Exploits0References1
Circl
Circl
added 10 hours ago7 views

CVE-2026-15512

creationtimestamp| type| source ---|---|--- 2026-07-13 00:29:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqigrl4mk42f 2026-07-13 04:23:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqitumodw52l...

6.5CVSS6.6AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43256

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS6.3AI score
Exploits0References5
Circl
Circl
added yesterday8 views

CVE-2026-10667

creationtimestamp| type| source ---|---|--- 2026-07-12 17:37:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqhpq4dedf2a 2026-07-12 18:00:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqhqznqyim2i 2026-07-12 19:37:23+00:00| seen|...

7.8CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday8 views

CVE-2026-15501

creationtimestamp| type| source ---|---|--- 2026-07-12 13:27:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqhbqvz6lj2a 2026-07-12 13:33:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqhc3qfqzv24 2026-07-12 17:18:02+00:00| seen|...

6.5CVSS6.6AI score
Exploits0References3
Circl
Circl
added yesterday12 views

CVE-2026-56271

creationtimestamp| type| source ---|---|--- 2026-07-12 12:33:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6qvmwwo2y 2026-07-12 12:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hpkdws2f 2026-07-12 12:54:26+00:00| seen|...

9.8CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43236

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS6.2AI score
Exploits0References2
Circl
Circl
added yesterday8 views

CVE-2026-15481

creationtimestamp| type| source ---|---|--- 2026-07-12 06:00:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqgisf5b4s23 2026-07-12 06:00:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116905477743159401 2026-07-12 06:51:14+00:00| seen|...

9CVSS7AI score0.00429EPSS
Exploits0References5
Circl
Circl
added yesterday8 views

CVE-2026-15476

creationtimestamp| type| source ---|---|--- 2026-07-12 04:36:44+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqge4okj462f 2026-07-12 07:39:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqgocvzdmy26...

5.3CVSS6.2AI score0.00103EPSS
Exploits0References2
Circl
Circl
added yesterday11 views

CVE-2026-15475

creationtimestamp| type| source ---|---|--- 2026-07-12 03:31:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqgaihgpsb2y 2026-07-12 03:50:11+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqgbjhcmyq2s 2026-07-12 03:57:37+00:00| seen|...

5.3CVSS6.2AI score0.00105EPSS
Exploits0References3
CVE
CVE
added yesterday13 views

CVE-2026-15476

CVE-2026-15476 affects QILING Disk Master 6.0.0.0 and its Kernel Driver component diskbckp.sys, where an unknown function in that library enables local privilege escalation via improper access controls. The vulnerability is local, with low attack complexity and proof-of-concept exploit maturity r...

5.3CVSS5.8AI score0.00103EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday34 views

PHPJabbers Food Delivery Script - SQL Injection

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...

9.8CVSS7AI score0.02904EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday61 views

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access

The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them. id: CVE-2023-1263 info: name: Coming Soon & Maintenance 4.1.7 - Unauthenticated Post/Page Access author: r3Y3r53 severity: medium...

5.3CVSS6.7AI score0.01414EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday32 views

Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.2AI score0.03095EPSS
Exploits0
Nuclei
Nuclei
added yesterday8 views

Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

6.1CVSS6.4AI score0.01079EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday42 views

Xsuite <=2.4.4.5 - Open Redirect

Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...

6.1CVSS6.8AI score0.06719EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday22 views

PyArrow Flight RPC - Remote Code Execution

PyArrow Flight RPC from v0.14.0 through v14.0.0 allows remote attackers to execute arbitrary code via a maliciously crafted Python-defined extension type. id: CVE-2023-47248 info: name: PyArrow Flight RPC - Remote Code Execution author: smolse severity: critical description: | PyArrow Flight RPC...

9.8CVSS7AI score0.14414EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday10 views

WordPress Front End Users - Reflected XSS

WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00485EPSS
Exploits1References1
Rows per page
Query Builder