Lucene search
+L

1254 matches found

Nuclei
Nuclei
added yesterday9 views

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS5.7AI score0.02002EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday83 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.2AI score0.01331EPSS
Exploits1References2
NVD
NVD
added 2 days ago8 views

CVE-2026-59694

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS0.00301EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45159

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2 days ago7 views

EEF-CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer fee\payer: true...

8.3CVSS5.7AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2 days ago2 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.4.2 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

9.8CVSS7.1AI score0.02719EPSS
Exploits2References13
NVD
NVD
added 5 days ago6 views

CVE-2026-59884

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...

7.5CVSS0.00354EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/11 5:35 a.m.10 views

EUVD-2026-43152

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.36 views

CVE-2026-10865 Cost Calculator Builder <= 4.0.11 - Unauthenticated Sensitive Information Exposure of Payment Gateway Secret Keys

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS0.0037EPSS
Exploits0References10
CVE
CVE
added 2026/07/11 5:35 a.m.20 views

CVE-2026-10865

CVE-2026-10865 affects the Cost Calculator Builder plugin for WordPress. The vulnerability exists in all versions up to 4.0.11 and arises from exposure in the template body, allowing unauthenticated attackers to read plaintext payment gateway secrets (Stripe secret key, Razorpay secret key, and P...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References10
NVD
NVD
added 2026/07/10 8:16 p.m.9 views

CVE-2026-55462

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS0.0026EPSS
Exploits1References3
CVE
CVE
added 2026/07/10 7:35 p.m.8 views

CVE-2026-55462

Snipe-IT (IT asset/license management) is affected in versions prior to 8.6.2. The vulnerability in UsersController::show() and printInventory() allows an authenticated user with only the users.view permission to access inventory and cost/order metadata from modules that would normally be restric...

4.3CVSS6.1AI score0.0026EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/10 7:35 p.m.2 views

CVE-2026-55462 Snipe-IT: Authorization bypass on print inventory page

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS6.1AI score0.0026EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/09 9:2 p.m.37 views

CVE-2026-33794 Junos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to cras...

8.2CVSS0.00405EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 9:2 p.m.25 views

CVE-2026-33794

CVE-2026-33794 affects Juniper Networks Junos OS Evolved on PTX Series. An improper check in evo-aftmand can be triggered by an unauthenticated network-based attacker sending continuous routing updates with unilist ECMP routes, causing internal state corruption and a crash of the evo-aftmand proc...

8.2CVSS6AI score0.00405EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/09 5:40 p.m.15 views

CVE-2026-59817

Ghost is a Node.js content management system. Affects versions from 6.27.0 up to but not including 6.44.0; the public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment, without exposing cust...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 12:16 p.m.6 views

CVE-2026-9253

The WP Cost Estimation & Payment Forms Builder E&P Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00204EPSS
Exploits0References2
Rows per page
Query Builder