Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/30 9:31 a.m.35 views

CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9620

CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...

6.4CVSS6AI score0.00207EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.5 views

WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...

6.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 9:16 a.m.6 views

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS0.00168EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/09 7:34 a.m.7 views

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/04/15 8:39 p.m.8 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

2.2CVSS6.8AI score0.00332EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/03/10 12:0 a.m.12 views

PT-2021-2432 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.6 Description: The issue is related to the rtw wx set scan function in the Linux kernel, which allows writing beyond the end of the -ssid array. This can lead to a buffer overflow in memory. The exploitation...

9.8CVSS7.6AI score0.88106EPSS
Exploits212References1210
Rows per page
Query Builder