Lucene search
K

419 matches found

NVD
NVD
added 2026/02/18 7:16 a.m.11 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS0.00481EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 6:42 a.m.28 views

CVE-2026-2019

CVE-2026-2019 concerns the Cart All In One For WooCommerce WordPress plugin (versions

7.2CVSS6.2AI score0.00481EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.12 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00481EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/18 6:42 a.m.4 views

CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS6.2AI score0.00481EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.14 views

PT-2026-20296

Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22 Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, whic...

7.2CVSS6AI score0.00481EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.11 views

WordPress plugin Cart All In One For WooCommerce 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

7.2CVSS5.9AI score0.00481EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/29 9:33 p.m.5 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.5AI score0.00523EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2026/01/16 9:2 a.m.5 views

clk: samsung: exynos-clkout: Assign .num before accessing .hws

...

7.8CVSS5.4AI score0.00122EPSS
Exploits0
OSV
OSV
added 2026/01/14 5:54 p.m.6 views

DRUPAL-CONTRIB-2026-002

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...

8.8CVSS6.6AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.8 views

CVE-2025-23582

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through = 1.0...

7.1CVSS7.2AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 3:31 p.m.5 views

EUVD-2025-201228

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsockassigntransport Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

5.9AI score0.00179EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lock reversal issue in vsockassigntransport, which could lead to a deadlock...

6AI score0.00179EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/11/14 11:34 p.m.3 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS5.8AI score0.00233EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.6 views

kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12kmacassignviftovdev In ath12kmacassignviftovdev, if arvif is created on a different radio, it gets deleted from that radio through a call to ath12kmacunassignlinkvif. This action...

7.8CVSS6.8AI score0.0022EPSS
Exploits0References5
Veracode
Veracode
added 2025/11/10 5:14 a.m.8 views

Prototype Pollution

ts-fns is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied keys in the assign function, which allows an attacker to modify the Object.prototype chain and inject arbitrary properties, potentially leading to application crashes, unexpected...

6.5CVSS6.8AI score0.004EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/21 12:0 a.m.5 views

PT-2025-49058

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a lock inversion deadlock between vsock register mutex and sk lock-AF VSOCK when the vsock linger function is called. This issue stemmed from ...

4.4CVSS7.4AI score0.00179EPSS
Exploits0
OSV
OSV
added 2025/10/13 9:15 p.m.10 views

CVE-2025-62252

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

4.3CVSS6.7AI score0.00248EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk...

5.5CVSS6.1AI score0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-23122

Malware in sbrugna...

7.5CVSS7.4AI score0.02696EPSS
Exploits4References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.17 views

EUVD-2019-0624

Malware in sbrugna...

7.5CVSS7.5AI score0.01142EPSS
Exploits1References7
Rows per page
Query Builder