Lucene search
K

119 matches found

Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS0.00496EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.16 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57431

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:36 p.m.3 views

CVE-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

5.3CVSS6AI score0.0022EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:35 p.m.4 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS6.1AI score0.00271EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37592

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS5.5AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-34896

Cross-Site Request Forgery CSRF vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1...

7.5CVSS5.4AI score0.00122EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.14 views

WordPress Event Monster – Event Manager, Ticket Booking & Registration plugin <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability

Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Event Management Tickets Booking versions = 2.1.0...

5.3CVSS5.5AI score0.00165EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/01 7:12 a.m.3 views

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.9AI score0.00182EPSS
Exploits0References5
NVD
NVD
added 2026/05/29 7:16 a.m.21 views

CVE-2026-6275

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS0.00305EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 5:32 a.m.11 views

EUVD-2026-33250

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS6AI score0.00305EPSS
Exploits0References6
NVD
NVD
added 2026/05/26 5:16 p.m.27 views

CVE-2026-44502

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...

4.3CVSS0.00286EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.9 views

CVE-2026-6174

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

6.4CVSS6AI score0.00156EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/13 7:50 p.m.11 views

WordPress CC Child Pages plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.1.1...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/08 10:56 p.m.11 views

EUVD-2026-28864

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9CVSS6AI score0.00652EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.39 views

CVE-2026-6255 Simple Owl Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Attribute

The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owlswrapper' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.4 views

Fedora 43 : glow (2026-6d67b00ef1)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6d67b00ef1 advisory. Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even mor...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References5
CVE
CVE
added 2026/04/14 3:37 a.m.10 views

CVE-2026-1607

CVE-2026-1607 affects the Surbma | Booking.com Shortcode plugin for WordPress, up to version 2.1. The flaw arises from insufficient input sanitization and output escaping on user-supplied attributes of the surbma-bookingcom shortcode, enabling an authenticated attacker with contributor-level acce...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32591

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References6
Rows per page
Query Builder