Lucene search
K

136 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS0.0084EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 5 days ago10 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/07 2:31 p.m.6 views

WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/09 4:22 p.m.29 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS0.00421EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:40 p.m.16 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in minimatch (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904)

Summary Multiple vulnerabilities in the minimatch matching utility CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the component to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a...

8.7CVSS5.7AI score0.00519EPSS
Exploits3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 8:24 a.m.11 views

CVE-2026-6512 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

9.1CVSS5.9AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:24 a.m.9 views

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

WordPress plugin MW WP Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/13 7:51 p.m.9 views

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/11 5:42 p.m.11 views

CVE-2026-42856

CVE-2026-42856 (Network-AI) affects the Network-AI TypeScript/Node.js multi-agent orchestrator. Before 5.1.3, the MCP HTTP transport accepts JSON-RPC requests to tools/call with no authentication, session, origin, or token checks and dispatches them to the tool registry. The service binds by defa...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016807 advisory. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class...

9.1CVSS5.9AI score0.19396EPSS
Exploits10References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 8:27 a.m.7 views

CVE-2026-3601

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS5.9AI score0.003EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/04 11:53 a.m.10 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS5.8AI score0.01182EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 11:53 a.m.6 views

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS5.8AI score0.01182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

IBM Guardium Key Lifecycle Manager 安全漏洞

IBM Guardium Key Lifecycle Manager is a key management system provided by IBM that offers capabilities for generating, distributing, and managing encrypted keys. There is a security vulnerability in IBM Guardium Key Lifecycle Manager, which stems from improper permission management. This...

4.8CVSS5.8AI score0.00194EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/09 8:54 p.m.8 views

WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by raihan adi arba in WordPress Plugin User Registration versions = 5.1.5...

7.1CVSS5.1AI score0.00149EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through = 5.1.8...

5.9AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.6 views

CVE-2026-32356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through = 5.1.2...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder