Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/07/02 11:14 a.m.31 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 1:25 a.m.6 views

CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

5.3CVSS5.7AI score0.00625EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/03/28 12:27 a.m.7 views

SUSE CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/13 8:3 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2026/02/26 12:42 a.m.8 views

CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.5AI score0.00348EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/02/20 9:10 p.m.6 views

CVE-2026-27024

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1...

6.9CVSS5.3AI score0.00168EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.25 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 11:7 a.m.6 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00268EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:57 a.m.4 views

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

9.4CVSS5.8AI score0.00731EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/22 11:57 a.m.6 views

EUVD-2026-4160

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

5.1CVSS5.8AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2025/12/06 6:39 a.m.29 views

CVE-2025-13748

CVE-2025-13748: Fluent Forms for WordPress (

5.3CVSS5.6AI score0.0026EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/07/13 4:59 a.m.11 views

WordPress Ultra Portfolio - WordPress Plugin <= 6.7 - Cross Site Scripting (XSS) Vulnerability

WordPress Ultra Portfolio - WordPress Plugin = 6.7 - Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultra Portfolio versions = 6.7...

6.5CVSS6.2AI score0.00219EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 1:37 p.m.11 views

CVE-2024-56938

LearnDash v6.7.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the materials-content class...

5.4CVSS5.9AI score0.00321EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 1:36 p.m.16 views

CVE-2024-56939

LearnDash v6.7.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the ld-comment-body class...

5.4CVSS5.9AI score0.00321EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

TCPDF 安全漏洞

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.7.4, which stems from incorrectly handling calls that use HTML syntax...

6.1CVSS6.1AI score0.00582EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/10 12:0 a.m.6 views

WordPress Plugin Awesome Support Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plug-in. A security vulnerability exists in WordPre...

5.3CVSS6.5AI score0.004EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.6 views

WordPress Plugin Formidable Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS8.8AI score0.00393EPSS
Exploits0References3
NCSC
NCSC
added 2021/11/24 12:0 a.m.7 views

Vulnerabilities fixed in VMware vCenter

VMware has fixed vulnerabilities in vCenter server. A malicious party on the local network, with access to port 443 could exploit the vulnerabilities to gain access to sensitive data. VMware did not release further details. VMWare has released updates to fix the vulnerabilities in vCenter server...

9.8CVSS7AI score0.04601EPSS
Exploits2
CNVD
CNVD
added 2020/05/06 12:0 a.m.6 views

Dell EMC RSA Archer Input Validation Error Vulnerability

Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An input validation error vulnerability exists in versions prior to Dell...

6.1CVSS6.7AI score0.00754EPSS
Exploits0References1
Rows per page
Query Builder