Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

563563 matches found

SUSE CVE
SUSE CVEadded 2026/06/06 2:48 a.m.4 views

SUSE CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00005EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/06 2:28 a.m.10 views

EUVD-2026-34955

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.7AI score0.00033EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.8 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.0006EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/06 2:28 a.m.38 views

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS0.0006EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.7 views

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.0006EPSS
Exploits0References4
EUVD
EUVDadded 2026/06/06 2:28 a.m.8 views

EUVD-2026-34951

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.00063EPSS
Exploits0References11
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.7 views

CVE-2026-8502 LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References14
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.6 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.00063EPSS
Exploits0References12
EUVD
EUVDadded 2026/06/06 2:28 a.m.9 views

EUVD-2026-34950

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.00072EPSS
Exploits1References14
CVE
CVEadded 2026/06/06 2:28 a.m.23 views

CVE-2026-8502

Technical details for CVE-2026-8502 are not provided in the connected documents; the available description notes exposure via c_status and return_type in LearnPress

5.3CVSS5.5AI score0.00094EPSS
Exploits0References14
EUVD
EUVDadded 2026/06/06 2:28 a.m.9 views

EUVD-2026-34952

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References14
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.6 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.00072EPSS
Exploits1References14
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.8 views

CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.00063EPSS
Exploits0References11
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.6 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.00072EPSS
Exploits1References15
EUVD
EUVDadded 2026/06/06 2:28 a.m.11 views

EUVD-2026-34949

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00044EPSS
Exploits0References11
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.5 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00044EPSS
Exploits0References12
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.6 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References9
EUVD
EUVDadded 2026/06/06 2:28 a.m.8 views

EUVD-2026-34946

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level acces...

4.9CVSS5.6AI score0.00279EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/06/06 2:28 a.m.38 views

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS0.00197EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.8 views

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References8
Rows per page
Query Builder