Lucene search
K

170 matches found

Vulnrichment
Vulnrichment
added 2026/03/04 6:0 a.m.2 views

CVE-2026-2025 Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

6AI score0.01379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22868

Name of the Vulnerable Software and Affected Versions Mail Mint WordPress plugin versions prior to 1.19.5 Description The Mail Mint WordPress plugin does not have proper authorization for one of its REST API endpoints. This allows unauthenticated users to access and retrieve the email addresses o...

7.5CVSS6AI score0.01379EPSS
Exploits0References10
NVD
NVD
added 2026/03/03 5:16 p.m.18 views

CVE-2026-26885

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...

2.7CVSS0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 5:16 p.m.6 views

CVE-2026-26885

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...

2.7CVSS5.9AI score0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/03 12:0 a.m.20 views

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

0.00497EPSS
Exploits0References2
CVE
CVE
added 2026/03/03 12:0 a.m.18 views

CVE-2026-26885

CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...

2.7CVSS6AI score0.0022EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.6 views

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS5.5AI score0.05145EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25417

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protoco...

5.1CVSS6AI score0.00399EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13864

The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...

5.3CVSS0.00353EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.35 views

CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion

The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...

5.3CVSS0.00353EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/18 8:36 a.m.199 views

Exploit for CVE-2026-26221

📡 Hyland OnBase Timer Service Unauthenticated RCE Mohamm...

10CVSS7.1AI score0.01121EPSS
Exploits1
CVE
CVE
added 2026/02/11 12:0 a.m.12 views

CVE-2024-26477

CVE-2024-26477 affects Statping-ng v0.91.0. An issue allows an attacker to obtain sensitive information through crafted requests to the api parameter of the oauth, amazon_sns, and export endpoints, leading to information disclosure. This vulnerability is documented across multiple sources (Red Ha...

7.5CVSS5.5AI score0.00494EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/01/28 3:16 p.m.5 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

5.3CVSS0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 9:15 p.m.3 views

CVE-2025-52025

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows ...

9.4CVSS6.2AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2026/01/17 6:30 p.m.3 views

GHSA-VHCX-7RPG-HP39 risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.3CVSS5.7AI score0.00364EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/21 2:20 a.m.3 views

CVE-2025-12980 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...

7.5CVSS5.1AI score0.00277EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/20 3:20 a.m.3 views

CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

9.8CVSS7.2AI score0.00624EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.7 views

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/13 6:57 a.m.5 views

CVE-2025-12655

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...

5.3CVSS6AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 10:17 a.m.6 views

EUVD-2025-203065

The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options...

5.3CVSS6.5AI score0.00654EPSS
Exploits0References2
Rows per page
Query Builder