Lucene search
K

245 matches found

Positive Technologies
Positive Technologies
•added 2026/04/22 12:0 a.m.•6 views

PT-2026-34292

Name of the Vulnerable Software and Affected Versions WP Responsive Popup + Optin versions prior to 1.5 Description The WP Responsive Popup + Optin plugin for WordPress is susceptible to Cross-Site Request Forgery. The settings form on the admin page 'wpo admin page.php' fails to implement nonce...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References14
Vulnrichment
Vulnrichment
•added 2026/04/21 6:43 a.m.•5 views

CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References2
NVD
NVD
•added 2026/03/31 5:16 a.m.•3 views

CVE-2026-5181

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...

6.5CVSS0.00206EPSS
Exploits0References5
OSV
OSV
•added 2026/03/27 9:16 a.m.•6 views

ALPINE-CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.9AI score0.00395EPSS
Exploits0References1
OSV
OSV
•added 2026/03/27 12:0 a.m.•6 views

UBUNTU-CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

8.2CVSS5.9AI score0.00395EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/03/26 3:15 p.m.•9 views

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

9.8CVSS5.8AI score0.00321EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/03/26 3:12 p.m.•3 views

CVE-2026-3981

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

9.8CVSS6.8AI score0.00379EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/03/26 3:12 p.m.•4 views

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

9.8CVSS6.9AI score0.00379EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/03/26 3:10 p.m.•4 views

CVE-2026-1935

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/03/26 3:8 p.m.•4 views

CVE-2026-2917

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/03/20 11:25 p.m.•35 views

CVE-2026-3572 iTracker360 <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'itracker_license' Settings Field

The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verification on the settings form submission and insufficient input sanitization combined with missing...

6.1CVSS0.00269EPSS
Exploits0References7
NVD
NVD
•added 2026/03/20 6:16 a.m.•6 views

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

9.8CVSS0.00321EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
•added 2026/03/20 5:32 a.m.•3 views

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

5.8CVSS5.8AI score0.00321EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
•added 2026/03/20 12:0 a.m.•18 views

PT-2026-26566

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment action.php. The manipulation of the argument appointment id results in sql injection. The attack can be launched remotely. The exploit is no...

5.8CVSS5.8AI score0.00321EPSS
Exploits1References6
CVE
CVE
•added 2026/03/12 12:58 p.m.•9 views

CVE-2026-2513

Progress Flowmon ADS vulnerable in versions prior to 12.5.5 and 13.0.3. An administrator who clicks a malicious link within an authenticated web session may trigger unintended actions, exposing high-severity risk (CVSS 8.6; Network vector, user interaction required). The advisory does not include...

8.6CVSS5.8AI score0.00286EPSS
Exploits0References1
NVD
NVD
•added 2026/03/12 5:16 a.m.•4 views

CVE-2026-3981

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

9.8CVSS0.00379EPSS
Exploits1References5
NVD
NVD
•added 2026/03/12 5:16 a.m.•5 views

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

9.8CVSS0.00379EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/03/12 12:0 a.m.•8 views

PT-2026-24920

🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS6.9AI score0.00379EPSS
Exploits1References12
Cvelist
Cvelist
•added 2026/03/11 7:36 a.m.•36 views

CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS0.00193EPSS
Exploits0References6
CVE
CVE
•added 2026/03/11 7:36 a.m.•17 views

CVE-2026-2917

CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Rows per page
Query Builder