
267 matches found

Cvelist
added 3 days ago | 34 views

CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions...

CVSS 7.1 | EPSS 0.00191
Exploits: 0 | References: 1

EUVD
added 2026/06/26 2:53 p.m. | 5 views

EUVD-2026-39756

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 2:53 p.m. | 32 views

CVE-2026-57641 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions...

CVSS 6.5 | EPSS 0.00127
Exploits: 0 | References: 1

EUVD
added 2026/06/26 2:52 p.m. | 4 views

EUVD-2026-39674

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1

Cvelist
added 2026/06/17 9:51 a.m. | 28 views

CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions...

CVSS 9.3 | EPSS 0.00346
Exploits: 1 | References: 1

EUVD
added 2026/06/15 9:30 p.m. | 7 views

EUVD-2026-36972

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits: 0 | References: 2

NVD
added 2026/06/15 9:16 p.m. | 7 views

CVE-2026-40732

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions...

CVSS 7.1 | EPSS 0.00175
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/15 12:00 a.m. | 8 views

PT-2026-49407

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/01 12:00 a.m. | 20 views

PT-2026-45502

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

CVSS 7.5 | AI score 5.5 | EPSS 0.0041
Exploits: 0 | References: 9

Microsoft Security Update
added 2026/05/12 5:00 p.m. | 18 views

2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 (KB5088864)

2026-05 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for ARM64 KB5088864...

AI score 5.8
Exploits: 0

OSV
added 2026/05/03 9:56 a.m. | 10 views

OESA-2026-2151 libXpm security update

X.Org X11 libXpm runtime library Security Fixes: A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impa...

CVSS 5.5 | AI score 5.5 | EPSS 0.00129
Exploits: 0 | References: 2

NVD
added 2026/04/15 5:17 p.m. | 3 views

CVE-2025-15636

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through <= 3.5.1...

CVSS 6.5 | EPSS 0.00156
Exploits: 0 | References: 1

Microsoft KB
added 2026/04/14 12:00 a.m. | 3 views

April 14, 2026-KB5084165 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

April 14, 2026-KB5084165 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 build 28000 and later Revised May 13, 2026: Updated 'How to get this update' section. Release Date: April 14, 2026 Version: .NET Framework 3.5 The April 14, 2026 update installs the complete .NET...

CVSS 7.5 | AI score 6.9 | EPSS 0.02279
Exploits: 0

SUSE CVE
added 2026/03/25 12:24 a.m. | 11 views

SUSE CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

CVSS 6.4 | AI score 5.9 | EPSS 0.00445
Exploits: 1 | References: 3

Cvelist
added 2026/02/19 8:27 a.m. | 30 views

CVE-2026-25372 WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through <= 3.5.3...

CVSS 6.5 | EPSS 0.00212
Exploits: 0 | References: 1

EUVD
added 2026/02/03 2:08 p.m. | 7 views

EUVD-2026-5189

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34...

CVSS 5.3 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 1

EUVD
added 2026/01/28 6:21 p.m. | 6 views

EUVD-2025-206450

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVSS 4.6 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:00 a.m. | 7 views

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1....

CVSS 6.5 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 2

Broadcom
added 2026/01/27 12:00 a.m. | 18 views

The x509 application adds trusted use instead of rejected use

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

CVSS 6.5 | AI score 7.1 | EPSS 0.00292
Exploits: 0

NVD
added 2026/01/21 2:15 a.m. | 16 views

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8 | EPSS 0.00354
Exploits: 1 | References: 2