Lucene search
+L

15316 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00165EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-12988

CVE-2026-12988 affects the WP 2FA WordPress plugin up to version 3.1.1.2. The root cause is that the plugin does not verify that the email address used during two-factor authentication setup belongs to the user, enabling an attacker who already has the user’s credentials to redirect the setup ver...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43628

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-12988

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.4CVSS6.1AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43624

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS6.1AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-11563

CVE-2026-11563 affects the Word Count and Social Shares WordPress plugin (version

9.6CVSS6.1AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

0.00169EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Zoom Workplace < 7.0.0 Vulnerability (ZSB-26014)

The version of Zoom Workplace installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. - Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Zoom Workplace VDI Client < 7.0.10 Vulnerability (ZSB-26014)

The version of Zoom Workplace VDI Client installed on the remote host is prior to 7.0.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. - Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...

9.8CVSS5.7AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-60395

Name of the Vulnerable Software and Affected Versions Zoom Clients for Windows affected versions not specified Description A time-of-check to time-of-use TOCTOU race condition occurs during the installation and uninstallation process. This flaw allows an authenticated local user to escalate...

7CVSS6.2AI score0.00093EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-60111

Name of the Vulnerable Software and Affected Versions Woodpecker CI versions v1.0.0 through v3.15.0 Description A privilege escalation issue exists in instances using the Kubernetes backend. The pipeline option backend options.kubernetes.serviceAccountName is passed directly to the pod spec witho...

8.2CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago14 views

PT-2026-60293

Name of the Vulnerable Software and Affected Versions Zoom Workplace for Windows versions prior to 7.0.0 Zoom Workplace VDI Client for Windows versions prior to 7.0.10 Zoom Workplace VDI Client for Windows versions prior to 6.6.15 Zoom Workplace VDI Client for Windows versions prior to 6.5.18 Zoo...

9.8CVSS5.6AI score0.00508EPSS
Exploits0References24
NVD
NVD
added 5 days ago8 views

CVE-2026-49971

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
CVE
CVE
added 5 days ago12 views

CVE-2026-49971

Laravel-Mediable before 7.0.0 has a stored XSS in SVG file uploads. Both authenticated and anonymous users can upload unsanitized SVG files containing scripts (onload handlers, script tags, or foreignObject) which can store persistent XSS payloads. When victims view or preview the SVG, the payloa...

6.1CVSS6.3AI score0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago8 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
CVE
CVE
added 5 days ago42 views

CVE-2026-14934

CVE-2026-14934 affects Google Cloud BigQuery, Dataform and Colab Enterprise repository creation functionality. A Missing Authorization flaw in versions from October 2025 through May 10, 2026 allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The ...

9.4CVSS6.1AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-12274

CVE-2026-12274 affects the Tutor LMS WordPress plugin prior to 3.9.13. The underlying issue is that content-builder save handlers do not verify that the requesting user is authorized to edit the target post, instead authenticating only against an unrelated identifier. This allows authenticated us...

6.5CVSS6.1AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-56308

Capgo before 12.128.2 contains an insufficient authentication flaw in the email-change endpoint: an attacker with a valid session cookie or authenticated browser can change the account email without re-authenticating the current password or verifying the existing mailbox. This can enable control ...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 6 days ago7 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score0.00244EPSS
Exploits0References4
Rows per page
Query Builder