Lucene search
K

55 matches found

NVD
NVD
added 5 hours ago6 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 6:2 p.m.20 views

Arbitrary Command Injection

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted filename as the...

8.8CVSS5.9AI score0.00521EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 12:30 a.m.3 views

EUVD-2026-19990

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

6.1CVSS6.1AI score0.00291EPSS
Exploits0References7
CVE
CVE
added 2026/04/02 7:39 a.m.20 views

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

7.5CVSS6.4AI score0.00956EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15742

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...

5.8AI score0.00189EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/10 10:44 a.m.5 views

WordPress Darna Framework plugin <= 2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Darna Framework versions = 2.9...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.3 views

CVE-2026-28117

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through = 2.9...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21154

Name of the Vulnerable Software and Affected Versions beeteam368 VidoRev versions through 2.9.9.9.9.9.7 Description The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

5.4AI score0.00397EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/15 1:28 p.m.7 views

CVE-2026-0550

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 7:16 p.m.29 views

CVE-2026-25057

CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...

9.1CVSS5.6AI score0.00469EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.12 views

OpenSTAManager 安全漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the iddocumenti GET parameters in the Prima...

8.7CVSS5.9AI score0.00344EPSS
Exploits3References1
OSV
OSV
added 2026/02/04 5:42 p.m.7 views

CVE-2025-69215 OpenSTAManager has an SQL Injection in the Stampe Module

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

8.7CVSS5.7AI score0.00374EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.6 views

PT-2026-4388

Name of the Vulnerable Software and Affected Versions Download After Email versions through 2.1.9 Description A missing authorization issue exists in the Download After Email software. This flaw stems from incorrectly configured access control security levels, potentially allowing unauthorized...

5.2AI score0.00197EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/07 12:57 p.m.5 views

WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability

WordPress Brook - Agency Business Creative theme = 2.9.0 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brook versions = 2.9.0...

9.8CVSS7AI score0.00403EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

WordPress plugin Team Showcase 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.7AI score0.0013EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Total Contest Lite plugin < 2.9.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin TotalContest Lite versions 2.9.0...

6.1CVSS8.3AI score0.00315EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/30 9:45 a.m.5 views

WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Team Showcase versions = 2.9...

5.4CVSS6.1AI score0.0013EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.6 views

PT-2025-54458

Name of the Vulnerable Software and Affected Versions Cowrie versions prior to 2.9.0 Description Cowrie versions before 2.9.0 have a server-side request forgery SSRF issue in the emulated shell implementations of wget and curl. The default configuration allows these commands to make real outbound...

8.3CVSS7.5AI score0.00616EPSS
Exploits1References16
Cvelist
Cvelist
added 2025/11/06 3:55 p.m.10 views

CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...

9.8CVSS0.00476EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 3:30 p.m.6 views

EUVD-2025-35678

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.0016EPSS
Exploits0References3
Rows per page
Query Builder