Lucene search
K

2529 matches found

Nuclei
Nuclei
added yesterday20 views

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

5.3CVSS6.1AI score0.01098EPSS
Exploits1References3
NVD
NVD
added 3 days ago7 views

CVE-2026-12103

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
CVE
CVE
added 3 days ago11 views

CVE-2026-12103

CVE-2026-12103 affects the Wallet for WooCommerce WordPress plugin (

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
NVD
NVD
added 3 days ago7 views

CVE-2026-3552

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS0.00213EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43134

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS6.1AI score0.00297EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-57398

Name of the Vulnerable Software and Affected Versions AI Chatbot & Workflow Automation by AIWU versions prior to 1.4.13 Description The plugin contains a missing authorization flaw resulting from the absence of capability checks and nonce verification on AJAX actions registered under wp ajax and ...

5.3CVSS6.1AI score0.00297EPSS
Exploits0References15
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-9857 Invoice123 <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification via s123_submit_api_key & s123_submit_invoice_settings AJAX actions

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00288EPSS
Exploits0References12
NVD
NVD
added 4 days ago7 views

CVE-2026-1946

The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebugravitywritedisconnecthandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00222EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-9838 ICS Calendar <= 12.0.9 - Reflected Cross-Site Scripting via 'htmltagtitle' Parameter

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00296EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

0.00182EPSS
Exploits0References1
Fedora
Fedora
added 4 days ago7 views

[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

5.9AI score
Exploits0
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42161

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-25271

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...

7.8CVSS0.00052EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:9 p.m.4 views

EUVD-2026-41933

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...

7.8CVSS6AI score0.00052EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.34 views

CVE-2026-25271 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...

7.8CVSS0.00052EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.12 views

CVE-2026-25271

The CVE describes a TOCTOU race condition in Qualcomm DSP Service causing memory corruption when processing asynchronous input parameters due to improper handling of modified values between check and use. Affected component: DSP Service (Qualcomm). Root cause: TOCTOU under asynchronous input para...

7.8CVSS6AI score0.00052EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55995

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Memory corruption occurs when processing asynchronous input parameters. This is caused by a Time-of-Check to Time-of-Use TOCTOU race condition, where values are...

7.8CVSS6.1AI score0.00052EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:49 p.m.16 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 7:17 p.m.6 views

CVE-2026-53358

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...

5.5CVSS5.8AI score0.00165EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 3:17 p.m.4 views

UBUNTU-CVE-2026-53358

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...

5.8AI score0.00165EPSS
Exploits0References11
Rows per page
Query Builder