Lucene search
K

24152 matches found

NVD
NVD
added 6 hours ago2 views

CVE-2026-27412

Unauthenticated Local File Inclusion in Pearl - Corporate Business = 3.4.10 versions...

8.1CVSS
Exploits0References1
CVE
CVE
added 7 hours ago6 views

CVE-2026-27436

The CVE covers WordPress plugin Five Star Business Profile and Schema (versions

9.1CVSS5.9AI score
Exploits0References1
CVE
CVE
added 7 hours ago4 views

CVE-2026-27412

Affected software: WordPress Pearl – Corporate Business theme (versions <= 3.4.10). Vulnerability: Local File Inclusion (LFI) that is unauthenticated. Root cause/tech details: Unauthenticated LFI present in Pearl – Corporate Business

8.1CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago140 views

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...

7.2CVSS7.1AI score0.05238EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago280 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7.1AI score0.70589EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago8 views

Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting

Dyn Business Panel WordPress plugin = 1.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter in output, letting attackers execute scripts in the context of high privilege users, exploit requires victim to click a malicious link. id: CVE-2024-130...

7.1CVSS7.2AI score0.00522EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago51 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.1AI score0.37099EPSS
Exploits4References5
Nuclei
Nuclei
added 8 hours ago52 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.3AI score0.14558EPSS
Exploits4References5
Nuclei
Nuclei
added 8 hours ago48 views

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS5.8AI score0.10272EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago128 views

SAP Web Application Server 6.x/7.0 - Open Redirect

frameset.htm in the BSP runtime in SAP Web Application Server WAS 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. id: CVE-2005-3634 info: name: SAP Web...

5CVSS6AI score0.19378EPSS
Exploits1References6
Nuclei
Nuclei
added 8 hours ago28 views

PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting

The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4115 info: name: PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting author:...

6.1CVSS5.9AI score0.05177EPSS
Exploits4References5
Patchstack
Patchstack
added yesterday8 views

WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References1Affected Software1
NVD
NVD
added yesterday8 views

CVE-2026-6070

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS0.00409EPSS
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-13449 XXE attack in IBM Business Automation Manager Open Editions

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS0.00387EPSS
Exploits0References1
Patchstack
Patchstack
added 2 days ago2 views

WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by daroo in WordPress Plugin Five Star Business Profile and Schema versions = 2.3.19...

9.1CVSS5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-13449 DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...

7.6CVSS5.8AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details...

9.8CVSS7.1AI score0.00864EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 2 days ago9 views

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...

9.8CVSS6AI score0.00677EPSS
Exploits2
Rows per page
Query Builder