Lucene search
K

6207 matches found

Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.7 views

PT-2026-8250

Name of the Vulnerable Software and Affected Versions eNet SMART HOME server versions 2.2.1 and 2.3.1 Description The eNet SMART HOME server is affected by a default credentials issue. The server ships with default credentials 'user:user', 'admin:admin' that remain active after installation and...

9.8CVSS5.4AI score0.00652EPSS
Exploits2References11
ATTACKERKB
ATTACKERKB
added 2026/02/14 8:26 a.m.6 views

CVE-2026-1258

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References6
NVD
NVD
added 2026/02/14 7:16 a.m.35 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

4.4CVSS0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/02/14 7:16 a.m.18 views

CVE-2026-0735

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/02/14 7:16 a.m.13 views

CVE-2025-15483

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hopname’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, ...

4.4CVSS0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.36 views

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.4 views

CVE-2026-0693

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

4.4CVSS5.7AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.9 views

PT-2026-8054

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

4.4CVSS5.7AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.10 views

PT-2026-8099

The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by',...

4.9CVSS5.9AI score0.00351EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.8 views

PT-2026-8060

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop name’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access,...

4.4CVSS5.7AI score0.00206EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

WordPress plugin BFG Tools – Extension Zipper 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.9 views

PT-2026-8065

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab color picker language switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.6AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/13 7:22 a.m.10 views

CVE-2025-14892

The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret...

9.8CVSS5.4AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/02/12 7:2 p.m.12 views

CVE-2019-25344

Wondershare MobileGo 8.5.0 is affected by an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group,...

8.5CVSS5.5AI score0.00162EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/12 7:2 p.m.28 views

CVE-2019-25344 MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

8.5CVSS0.00162EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.8 views

CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

5.1CVSS5.7AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.6 views

CVE-2025-58471

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

5.1CVSS5.6AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.6 views

CVE-2025-57710

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

6.9CVSS5.6AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.7 views

CVE-2025-47205

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.6AI score0.0041EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/12 12:40 p.m.217 views

Exploit for CVE-2026-1729

CVE-2026-1729 - AdForest WordPress Authentication Bypass PoC...

9.8CVSS5.4AI score0.00581EPSS
Exploits1
Rows per page
Query Builder