Lucene search
+L

945 matches found

vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References1
nessus
nessus
added 2 days ago4 views

Microsoft PC Manager < 3.22.1.0 Elevation of Privilege (CVE-2026-50438) (July 2026)

The Windows 'Microsoft PC Manager' app installed on the remote host is prior to 3.22.1.0. It is, therefore, affected by an elevation of privilege vulnerability: - A local privilege escalation vulnerability allows an authenticated attacker to escalate privileges beyond the vulnerable component's...

8.8CVSS6.1AI score0.00278EPSS
Exploits0References2
cvelist
cvelist
added 3 days ago30 views

CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
vulnrichment
vulnrichment
added 5 days ago4 views

CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00305EPSS
Exploits1References2
cvelist
cvelist
added 2026/07/09 1:49 p.m.35 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00122EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00095EPSS
Exploits0
euvd
euvd
added 2026/07/03 10:19 a.m.8 views

EUVD-2026-41530

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References1
nessus
nessus
added 2026/07/01 12:0 a.m.6 views

Mozilla Thunderbird < 152.0.1

The version of Thunderbird installed on the remote Windows host is prior to 152.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-63 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/28 6:37 p.m.11 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

8.7CVSS5.8AI score0.00505EPSS
Exploits1References1
cve
cve
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56045

The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:52 p.m.21 views

CVE-2025-68064

CVE-2025-68064 concerns a Local File Inclusion vulnerability in the WordPress Goya Core plugin, versions earlier than 1.0.9.4. The issue arises from a faulty file path handling in the plugin, enabling an attacker to access sensitive files. The CVSS 3.1 vector indicates remote access with high imp...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/24 6:0 a.m.38 views

CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

0.00219EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/24 5:33 a.m.42 views

CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
cbl_mariner
cbl_mariner
added 2026/06/24 1:46 a.m.6 views

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/06/22 9:21 p.m.4 views

CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/06/22 9:21 p.m.10 views

CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/06/22 9:21 p.m.10 views

CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/06/22 9:21 p.m.11 views

CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS5.8AI score0.00126EPSS
Exploits0
Rows per page
Query Builder