44 matches found

RedhatCVE
added yesterday | 3 views

CVE-2026-7525

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/19 12:0 a.m. | 8 views

Debian dsa-6281 : gnutls-bin - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6281 advisory. Debian Security Advisory DSA-6281-1 [email protected]...

CVSS 9.8 | AI score 6.1 | EPSS 0.00486
Exploits: 2 | References: 29

EUVD
added 2026/05/14 3:27 a.m. | 4 views

EUVD-2026-30217

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 12

CVE
added 2026/05/14 3:27 a.m. | 10 views

CVE-2026-7525

The CVE pertains to WordPress plugin My Calendar – Accessible Event Manager (versions ≤ 3.7.9). It describes an authorization bypass: authenticated users with custom-level access can tamper with the POST body (e.g., event_approved) to publish events or set statuses (cancelled, private) beyond the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 12

Vulnrichment
added 2026/05/14 3:27 a.m. | 4 views

CVE-2026-7525 My Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' Parameter

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 12

Patchstack
added 2026/05/13 12:0 a.m. | 8 views

WordPress My Calendar – Accessible Event Manager plugin <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication vulnerability

Authenticated Custom+ Missing Authorization to Unauthorized Event Publication vulnerability discovered by type5afe in WordPress Plugin My Calendar versions <= 3.7.9...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/08 2:55 a.m. | 5 views

CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

CVSS 7.8 | AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 3

CVE
added 2026/05/08 2:55 a.m. | 10 views

CVE-2026-43943

The CVE applies to electerm prior to version 3.7.9, where the SFTP open with system editor or Edit with custom editor feature passes the filename directly into a shell command without sanitization. A malicious SSH server or compromised OS can craft a filename containing shell metacharacters; when...

CVSS 7.8 | AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/08 2:55 a.m. | 24 views

CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

CVSS 7.8 | EPSS 0.00032
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-38649

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

CVSS 7.8 | AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/05 10:55 a.m. | 1 view

CVE-2026-2600

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekittabtitle' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 1 | References: 1

EUVD
added 2026/04/04 12:31 p.m. | 1 view

EUVD-2026-18991

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 3

NVD
added 2026/04/04 12:16 p.m. | 1 view

CVE-2026-0626

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVSS 6.4 | EPSS 0.00012
Exploits: 0 | References: 2

CVE
added 2026/04/04 11:16 a.m. | 9 views

CVE-2026-0626

CVE-2026-0626 affects the WordPress plugin WPFunnels – Easy Funnel Builder (all versions up to and including 3.7.9). The vulnerability is in the wpf_optin_form shortcode, where insufficient input sanitization and output escaping of the button_icon parameter allows an authenticated attacker with c...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 2

EUVD
added 2026/04/04 9:30 a.m. | 2 views

EUVD-2026-18979

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekittabtitle' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 1 | References: 3

Cvelist
added 2026/04/04 7:41 a.m. | 20 views

CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekittabtitle' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00012
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/04 7:41 a.m. | 2 views

CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekittabtitle' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 1 | References: 2

Patchstack
added 2026/04/04 12:5 a.m. | 2 views

WordPress ElementsKit Elementor Addons and Templates plugin <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Simple Tab Widget vulnerability discovered by knani alaaeddine iwd in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.7.9...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/04 12:0 a.m. | 4 views

PT-2026-30343

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of...

CVSS 6.4 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/26 5:3 p.m. | 1 view

CVE-2026-32501

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Configurator Pro: from n/a through <= 3.7.9...

CVSS 7.1 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1