Lucene search
K

144 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49363

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS5.2AI score0.00303EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/22 7:4 a.m.15 views

WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.9 views

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/13 7:51 p.m.7 views

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
NCSC
NCSC
added 2026/04/22 11:33 a.m.6 views

Vulnerabilities in Oracle Identity Manager Connector

Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...

9.1CVSS7.1AI score0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-34285

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

9.1CVSS0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Oracle HTTP Server 安全漏洞

Oracle HTTP Server is a web server component of Oracle’s Fusion Middleware, developed by Oracle Corporation in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of Oracle HTTP Server contain security vulnerabilities. These vulnerabilities stem from issues with Core components, which may all...

8.7CVSS7.2AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Oracle多款产品 安全漏洞

Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is a tool used for developing and deploying Java applications for desktop, server, embedded devices, and real-time environments. Oracle GraalVM is a just-in-time compiler written in the Java...

5.3CVSS7.2AI score0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system developed by Oracle Corporation in the United States. This database management system provides features such as data management and distributed processing. Versions of Oracle Database Server from 23.4.0 to 23.26.1 have security...

5.3CVSS7.3AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Oracle多款产品 安全漏洞

Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is used for developing and deploying Java applications for desktops, servers, embedded devices, and real-time environments. Oracle GraalVM for JDK is a high-performance, multi-language runtime an...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/17 2:7 a.m.9 views

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

5.3CVSS5.8AI score0.00689EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/02 12:35 a.m.6 views

WordPress Export All URLs plugin < 5.1 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Mohammad Aghdasi in WordPress Plugin Export All URLs versions 5.1...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 8:14 p.m.6 views

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability

WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin = 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability discovered by abrahack in WordPress Plugin ReviewX versions = 2.2.12...

5.3CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the Central Browser mode, where the/api/4/serverslist endpoint returned server objects without authentication, containing...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/03/03 11:45 p.m.6 views

WordPress WPBookit plugin <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/23 1:31 p.m.6 views

CVE-2026-2385

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...

5.3CVSS5.3AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/22 2:12 p.m.0 views

CVE-2019-25455 Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS5.8AI score0.00397EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.8 views

PT-2026-21439

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar pdf.php endpoint with malicious cid values to extract sensitive database...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder