Lucene search
K

377 matches found

Nuclei
Nuclei
added 11 hours ago51 views

Download Monitor < 4.4.5 - SQL Injection

The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

7.2CVSS7AI score0.17484EPSS
Exploits5References3
NVD
NVD
added 3 days ago6 views

CVE-2026-12918

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
CVE
CVE
added 4 days ago7 views

CVE-2026-13080

The CVE concerns the WordPress plugin WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell . It is vulnerable to Local File Inclusion (LFI) in all versions up to and including 3.12.7 via the logKey parameter. The issue can be exploited by an attacker with at least administr...

6.6CVSS6.5AI score0.0071EPSS
Exploits0References10
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42076

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40441

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2026-56333 Capgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings Updates

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-11975

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10880

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS5.2AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, and it could allow malicious authenticated administrators to use the w...

4.8CVSS5AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Palo Alto Networks PAN-OS 操作系统命令注入漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a vulnerability related to command injection. This vulnerability arises from command injections, which may allow authenticated administrators to bypass system...

8.6CVSS5.8AI score0.01187EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 p.m.12 views

CVE-2026-0417

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...

6.8CVSS0.00229EPSS
Exploits0References28
NVD
NVD
added 2026/06/09 5:16 p.m.11 views

CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

6.8CVSS0.00245EPSS
Exploits0References36
CVE
CVE
added 2026/06/09 3:41 p.m.23 views

CVE-2026-0410

CVE-2026-0410 affects certain NETGEAR routers. The issue is insufficient input validation that allows authenticated administrators on the local network to gain elevated access and make unauthorized changes to router software and functionality. The provided documents describe the affected conditio...

5.7CVSS5.5AI score0.00219EPSS
Exploits0References20Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47818

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...

6.8CVSS5.5AI score0.00323EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who have passed authentication to make...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

TP-Link Archer MR600 操作系统命令注入漏洞

The TP-Link Archer MR600 is a wireless router produced by TP-Link Corporation. The TP-Link Archer MR600 v5 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of user-controlled inputs in the web management interface, leading ...

8.5CVSS5.9AI score0.00907EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47296

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.13 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.10 views

CVE-2026-6448 Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References12
Rows per page
Query Builder