Lucene search
K

11301 matches found

ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References10
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/30 6:55 p.m.5 views

WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions = 3.3.60...

6.4CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 4:30 a.m.15 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress (versions up to 4.0.5) is vulnerable to Stored Cross-Site Scripting via the Link URL field due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access can store a pay...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53811

Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...

4.4CVSS6.1AI score0.0024EPSS
Exploits0References15
NVD
NVD
added 2026/06/29 6:16 p.m.8 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:19 p.m.8 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 5:19 p.m.8 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:19 p.m.8 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:19 p.m.12 views

CVE-2026-57949

ruoyi-vue-pro (through 2026.05) contains a missing authorization vulnerability in the CRM module’s GET /admin-api/crm/follow-up-record/get endpoint. The issue allows an authenticated user to read any follow-up record by iterating sequential numeric IDs, exfiltrating follow-up notes, file attachme...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:19 p.m.31 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 3:50 p.m.2 views

SUSE-SU-2026:22509-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.30.1 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References14
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57329

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.12 views

CVE-2026-57340

CVE-2026-57340 describes an Unauthenticated Broken Access Control vulnerability in the WordPress plugin Japanized For WooCommerce versions up to 2.9.12 . The metric indicates a CVSS v3.1 base score of 6.5 (Medium) with attack vector Network , attack complexity Low , privileges required None , use...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40104

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.27 views

CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57334

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 1:36 p.m.14 views

CVE-2026-57332

The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.31 views

CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS0.00344EPSS
Exploits0References1
Rows per page
Query Builder