Lucene search
K

1776 matches found

ATTACKERKB
ATTACKERKB
added 9 hours ago2 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
Cvelist
Cvelist
added last week47 views

CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS0.00464EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.40 views

CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.9 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57687

CVE-2026-57687 concerns a SQL Injection vulnerability in the WordPress plugin Custom Field Template (versions

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.7 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:27 a.m.6 views

WordPress WP EasyCart plugin <= 5.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.1...

8.5CVSS6AI score0.0022EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-54965

Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.22 views

PT-2026-55034

Name of the Vulnerable Software and Affected Versions Booked versions prior to 3.0.1 Description Broken access control allows users with subscriber privileges to perform unauthorized actions. Recommendations Update to a version newer than 3.0.0...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.15 views

PT-2026-53811

Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...

4.4CVSS6.1AI score0.0024EPSS
Exploits0References16
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/29 1:25 p.m.6 views

WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Tourmaster versions = 5.4.5...

7.5CVSS5.8AI score0.004EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/29 9:43 a.m.5 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...

6.5CVSS5.8AI score0.00229EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/27 8:16 a.m.16 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-52701

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39763

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39757

Contributor SQL Injection in Gallery = 4.7.8 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder