12749 matches found

EUVD
added 15 hours ago, 4 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
Nuclei
added 16 hours ago, 32 views

WordPress ARPrice <3.6.1 - SQL Injection

WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8 CVSS, 7.3 AI score, 0.12455 EPSS
Exploits: 1, References: 5
Nuclei
added 16 hours ago, 10 views

WP Pricing Table - Reflected XSS

WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...

6.1 CVSS, 7.1 AI score, 0.00641 EPSS
Exploits: 1, References: 1
Nuclei
added 16 hours ago, 20 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4 CVSS, 6.1 AI score, 0.00598 EPSS
Exploits: 0, References: 3
NVD
added yesterday, 6 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wp_db_exclude_table parameter. This is due to the direct concatenation of user-supplied $_POST['wp_db_exclude_table'] valu...

7.2 CVSS, 0.02651 EPSS
Exploits: 0, References: 8
ATTACKERKB
added yesterday, 6 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wp_db_exclude_table parameter. This is due to the direct concatenation of user-supplied $_POST['wp_db_exclude_table'] valu...

7.2 CVSS, 6.3 AI score, 0.02651 EPSS
Exploits: 0, References: 9
EUVD
added yesterday, 3 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wp_db_exclude_table parameter. This is due to the direct concatenation of user-supplied $_POST['wp_db_exclude_table'] valu...

7.2 CVSS, 6.3 AI score, 0.02651 EPSS
Exploits: 0, References: 8
CVE
added yesterday, 9 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin (WordPress) is vulnerable to OS Command Injection in all versions up to 7.11 via the wp_db_exclude_table parameter. The root cause is direct concatenation of user-supplied $_POST['wp_db_exclude_table'] values into ...

7.2 CVSS, 6.3 AI score, 0.02651 EPSS
Exploits: 0, References: 8
Cvelist
added yesterday, 25 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wp_db_exclude_table parameter. This is due to the direct concatenation of user-supplied $_POST['wp_db_exclude_table'] valu...

7.2 CVSS, 0.02651 EPSS
Exploits: 0, References: 8
NVD
added 2 days ago, 3 views

CVE-2026-36912

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...

7.5 CVSS, 0.00155 EPSS
Exploits: 0, References: 2
CVE
added 2 days ago, 7 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9 CVSS, 5.7 AI score, 0.00412 EPSS
Exploits: 0, References: 2
Cvelist
added 2 days ago, 30 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9 CVSS, 0.00412 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2 days ago, 5 views

CVE-2026-53342

A flaw was found in the Linux kernel, specifically within the ARM64 architecture's memory management. This vulnerability occurs because the system fails to properly deallocate page tables that have been hot-removed, leading to memory leaks. This can result in incorrect memory usage statistics and...

5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-34101

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits: 0, References: 3
EUVD
added 2 days ago, 5 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8 CVSS, 5.8 AI score, 0.00459 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2 days ago, 4 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8 CVSS, 5.8 AI score, 0.00459 EPSS
Exploits: 0, References: 3
NVD
added 2 days ago, 5 views

CVE-2026-6684

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count is derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1...

4.6 CVSS, 0.00185 EPSS
Exploits: 2, References: 4
EUVD
added 2 days ago, 5 views

EUVD-2026-40994

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count is derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1...

4.6 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits: 2, References: 4
ATTACKERKB
added 2 days ago, 4 views

CVE-2026-6684

FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where an unbounded loop count is derived from GPT header field GPTH_PtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1...

4.6 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits: 2, References: 5
EUVD
added 2 days ago, 5 views

EUVD-2026-40976

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables. Since 5e8eb9aeeda3 ("arm64: mm: always call PTE/PMD ctor in __create_pgd_mapping"), page-table allocation on ARM64 always calls pagetable_{pte,pmd,pud,p4d}_ctor. This sets...

5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 3