Lucene search
K

72 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.21 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

7.5CVSS5.5AI score0.0051EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/08 2:0 p.m.7 views

WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Conekta Payment Gateway versions = 6.0.0...

7.5CVSS5.5AI score0.00294EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-10197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library...

4.8CVSS5.1AI score0.00115EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/29 9:24 a.m.15 views

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...

9.8CVSS5.8AI score0.09461EPSS
Exploits7References1Affected Software1
Cvelist
Cvelist
added 2026/05/25 9:31 p.m.21 views

CVE-2026-24592 WordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3...

5.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.15 views

PT-2026-41651

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 10:15 a.m.35 views

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS0.00259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.2 views

CVE-2026-39535

Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through = 6.5.6...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39697 WordPress MAIO – The new AI GEO / SEO tool plugin <= 6.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through = 6.2.8...

5.3CVSS0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39697

Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through = 6.2.8...

5.3CVSS5.1AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31276

Name of the Vulnerable Software and Affected Versions G5Theme G5Plus April versions through 6.8 Description A missing authorization issue exists in G5Theme G5Plus April, allowing exploitation of incorrectly configured access control security levels. Recommendations Update G5Plus April to a versio...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through = 6.1.7...

8.8CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

7.5CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-24373 WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

8.1CVSS0.00376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.6 views

CVE-2026-2279 myLinksDump <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sortby' and 'sortorder' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.1 views

CVE-2026-32360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through = 6.9.4.3...

5.8AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23415

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta key' parameter in the content clone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta key value and insufficient preparation on the existing S...

6.5CVSS6AI score0.00249EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/02 7:44 a.m.5 views

CVE-2026-3382

A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::BoxedNumber::getas of the file include/chaiscript/dispatchkit/boxednumber.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit...

5.5CVSS5.6AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder