Lucene search
+L

760 matches found

NVD
NVD
added 2026/02/19 9:16 a.m.7 views

CVE-2026-25310

Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...

4.9CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.26 views

CVE-2026-27055

CVE-2026-27055 affects the WordPress plugin Penci AI SmartContent Creator (versions

4.3CVSS5.4AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.35 views

CVE-2026-25310 WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...

4.9CVSS0.00184EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/19 7:21 a.m.8 views

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability

Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...

8.8CVSS5.5AI score0.00372EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:3 a.m.7 views

WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions = 2.0...

9.8CVSS5.5AI score0.00413EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.4 views

CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listinguserrole' parameter. This makes it possible for...

9.8CVSS5.5AI score0.00413EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.16 views

WordPress plugin Magic Login Mail or QR Code 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00466EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:26 a.m.8 views

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

5.3CVSS5.5AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7675

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler SEH. Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH...

7.5CVSS5.5AI score0.00304EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 11:36 a.m.10 views

BIT-CHECKOV-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted...

7.2CVSS6.4AI score0.01295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-6039

Name of the Vulnerable Software and Affected Versions Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress versions up to and including 2.0.2 Description The Robin Image Optimizer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs...

6.4CVSS5.7AI score0.00205EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/04 12:31 p.m.9 views

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

7.5CVSS5.3AI score0.00619EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.13 views

PT-2026-6373

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

7.5CVSS5.5AI score0.00619EPSS
Exploits0References5
NVD
NVD
added 2026/02/03 7:16 p.m.10 views

CVE-2025-52633

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...

5.3CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:0 p.m.14 views

CVE-2025-52633

HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...

5.3CVSS5.3AI score0.00179EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 5:54 p.m.3 views

CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...

3.7CVSS5.1AI score0.0012EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/03 5:42 p.m.8 views

binarium (=2.1.3), hunter-open-sdk (>=0.0.20 <=2.0.0-beta.19) potentially affected by CVE-2026-24884 via compressing (=2.0.0)

compressing NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on compressing and may be impacted: - binarium =2.1.3 - hunter-open-sdk =0.0.20, =2.0.0-beta.19 Source cves: CVE-2026-24884 Source advisory: SNYK:JS-COMPRESSING-15202444...

8.4CVSS5.7AI score0.00334EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.14 views

PT-2026-5902

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description A potential command injection issue exists in HCL AION. This could allow unintended command execution, potentially leading to unauthorized actions on the underlying system. Recommendations At the moment, there ...

9.8CVSS5.5AI score0.00583EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5907

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a security issue involving the storage of sensitive session data in persistent cookies. This practice can elevate the risk of unauthorized access if these cookies are intercepted or...

3.1CVSS5.4AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-5729

Name of the Vulnerable Software and Affected Versions PolarLearn versions 0-PRERELEASE-15 and earlier Description The OAuth 2.0 implementation for GitHub and Google login providers is susceptible to Login Cross-Site Request Forgery CSRF. The application does not implement and verify the state...

8.1CVSS6AI score0.00203EPSS
Exploits1References8
Rows per page
Query Builder