Lucene search
K

707 matches found

CVE
CVE
added 2026/07/03 4:30 a.m.18 views

CVE-2026-8892

CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.41 views

CVE-2026-8892 CM Business Directory <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Business Address Meta Fields

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.9 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/06/24 6:50 a.m.10 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME. The vulnerability, tracked as CVE-2026-20230 CVSS score: 8.6, is a case of improp...

8.6CVSS7.7AI score0.41694EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/12 7:47 p.m.164 views

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

8.6CVSS5.9AI score0.41694EPSS
Exploits3
OSV
OSV
added 2026/06/06 4:6 a.m.5 views

MINI-J7R8-65CM-RJ3F

Bulletin has no description...

6.1CVSS5.2AI score0.00188EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.12 views

CVE-2026-9236

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS5.5AI score0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:28 a.m.12 views

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 4:28 a.m.12 views

EUVD-2026-32051

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.16 views

CVE-2026-45925

thermal/of: Fix reference leak in thermalofcmlookup...

5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.20 views

WordPress plugin CM Ad Changer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.28 views

PT-2026-43792

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak occurs in the thermal of cm lookup function. The tr np variable is obtained through of parse phandle but is not released, leading to a memory leak. Recommendations At th...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: Destroy the cmid before destroying the qp to avoid using it after freeing it. We should always destroy the cmid before destroying the qp to prevent accessing the cma after the qp is destroyed. This can lead to incorrec...

9.8CVSS5.7AI score0.01166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: ACPI: custommethod – fixed a potential use-after-free issue. In the cmwrite function, the buffer is always freed when it reaches the end of the function. If the requested count is less than table.length, the allocated buffer will...

7.8CVSS5.7AI score0.0023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010725 advisory. A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when...

2.3CVSS6.7AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/13 1:40 p.m.6 views

CVE-2026-31425

In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rdsibgetmr extracts the rdsibconnection from conn-ctransportdata and passes it to rdsibregfrmr for FRWR memory registration. On a fresh outgoing connection, ic...

5.5AI score0.00114EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2432

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 9:32 a.m.5 views

EUVD-2026-13637

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 9:16 a.m.4 views

CVE-2026-2432

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00244EPSS
Exploits0References4
Rows per page
Query Builder