Lucene search
K

2762 matches found

Vulnrichment
Vulnrichment
added 2026/05/15 5:41 p.m.11 views

CVE-2026-46474 Trog::TOTP versions before 1.006 for Perl generate secrets using rand

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00316EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 5:16 p.m.14 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 5:5 p.m.9 views

EUVD-2026-30565

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 5:5 p.m.20 views

CVE-2026-42155

Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:5 p.m.7 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/15 9:16 a.m.28 views

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS0.00355EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/15 7:46 a.m.12 views

EUVD-2026-30518

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References11
CVE
CVE
added 2026/05/15 7:46 a.m.13 views

CVE-2026-7046

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to 9.1.12 are affected by a time-based blind SQL Injection in the 'table' parameter due to insufficient escaping and inadequate query preparation. Authenticated attackers with administrator-level access can appe...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.8 views

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

7.5CVSS5.8AI score0.00316EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

magento-lts 安全特征问题漏洞

Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

8.8CVSS5.9AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-41277

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.16 views

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

9.8CVSS5.9AI score0.01709EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/14 10:55 a.m.15 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection vulnerability

Authenticated Subscriber+ Time-Based Blind SQL Injection vulnerability discovered by Louis Deschanel JeanJeanLeHaxor - Patrowl in WordPress Plugin Taskbuilder versions = 5.0.6...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/14 7:16 a.m.40 views

CVE-2026-6225

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00224EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:44 a.m.7 views

CVE-2026-6225

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 6:44 a.m.27 views

EUVD-2026-30251

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.6 views

CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/14 2:10 a.m.71 views

Exploit for CVE-2026-4060

CVE-2026-4060 — Geo Mashup ≤ 1.13.18 Unauthenticated SQL Injec...

7.5CVSS6AI score0.00304EPSS
Exploits1
Rows per page
Query Builder