Lucene search
+L

10198 matches found

CVE
CVE
added 2 days ago6 views

CVE-2026-13754

The affected product is the Tickera – Sell Tickets & Manage Events plugin for WordPress. Affected component: the plugin’s SQL handling exposed by the parameter s, enabling a generic SQL Injection in all versions up to and including 3.6.0.0 due to insufficient escaping of user input and inadequate...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15022 Tutor LMS <= 4.0.0 - Authenticated (Subscriber+) SQL Injection via Stored Quiz Answer Array

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00341EPSS
Exploits0References13
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-13754 Tickera <= 3.6.0.0 - Authenticated (Staff+) SQL Injection via 's' Parameter

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
CVE
CVE
added 2 days ago11 views

CVE-2026-15099

The CVE-2026-15099 instance concerns the Delicious Recipes WordPress plugin (

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ICS
ICS
added 2 days ago5 views

SALTO ProAccess Space

ADVISORY SUMMARY Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials...

7.1CVSS6AI score0.00192EPSS
Exploits0References11
NVD
NVD
added 2 days ago9 views

CVE-2026-14987

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00206EPSS
Exploits0References8
NVD
NVD
added 3 days ago9 views

CVE-2026-62312

9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...

8.8CVSS0.00719EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-62312

CVE-2026-62312 affects 9Router, an AI router & token saver. Before v0.5.2, an authenticated remote attacker can achieve arbitrary code execution on the host by abusing a Host header bypass of localhost-only routes in combination with unvalidated MCP plugin arguments passed to child_process.spawn(...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References3
CVE
CVE
added 3 days ago8 views

CVE-2026-49867

DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...

6.3CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-49867 DataEase: Authenticated Stored XSS in DataEase Template Static Resources

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-20146 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-45806

Penpot before 2.15.0 vulnerable to authenticated SSRF in remote image import. The flow passes a user-controlled URL from frontend to the backend RPC method create-file-media-object-from-url, where media/download-image uses a shared HTTP client without destination filtering, allowing an authentica...

7.7CVSS6.2AI score0.00354EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-55723 NGINX Ingress Controller vulnerability

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS0.00293EPSS
Exploits0References1
CVE
CVE
added 3 days ago41 views

CVE-2026-55723

CVE-2026-55723 betreft een injection kwetsbaarheid in de configuratie generator van de NGINX Ingress Controller. Bij configuratie via CRDs of Ingress-annotaties worden meerdere door de gebruiker beheerde velden in de gegenereerde NGINX-configuratie geschreven zonder sanering. Een geautoriseerde b...

8.7CVSS6.2AI score0.00293EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-15804 MetaGuru|HCM - SQL Injection

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60323

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.35 Description The cloneBoard Meteor method in models/import.js fails to invoke the canExport function or verify membership of the source board when using the sourceBoardId variable. This allows an authenticated user...

6.5CVSS6.1AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score0.00251EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-62659

CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...

6.8CVSS6.1AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder