Lucene search
K

1412 matches found

Nuclei
Nuclei
added 7 hours ago33 views

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...

9.8CVSS7.1AI score0.1036EPSS
Exploits2References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42645

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-51602

CVE-2026-51602 describes a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91). An unauthenticated remote attacker can cause a denial of service by sending a crafted SETUP request. The root cause is the second-stage URL routing parser failing to validate the le...

7.5CVSS6.4AI score0.00402EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57670

Technical details (affected plugin version specifics, root cause, exploit steps, and remediation) are not publicly available in the provided documents. Monitor for updates.

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842cplogstatus It is possible for cpread and hdmiread to return -EIO. These values are further used as indexes to access arrays. The issue was fixed by checking t...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 p.m.5 views

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:31 p.m.29 views

CVE-2017-20274 Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS0.00237EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:46 p.m.10 views

CVE-2026-41568

A flaw was found in the Moby container framework. A race condition during the docker cp mount setup allows a malicious container to create empty files or directories at arbitrary locations on the host filesystem. This vulnerability can lead to a denial of service by filling up disk space or...

6.1CVSS5.9AI score0.00108EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 2:16 p.m.14 views

CVE-2016-20067

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20066

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.32 views

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10880

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS5.2AI score0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 p.m.13 views

CVE-2016-20067

CVE-2016-20067 : WordPress CP Polls 1.0.8 contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized poll operations on behalf of an authenticated administrator. An attacker can craft a malicious HTML page; when an admin visits it while logged in, t...

5.3CVSS5.3AI score0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 p.m.15 views

CVE-2016-20066

WordPress CP Polls 1.0.8 is affected by a persistent cross-site scripting (XSS) vulnerability via unsanitized file upload functionality. Attackers can upload files containing script payloads (e.g., onerror handlers) to execute arbitrary JavaScript in the browsers of users viewing the affected con...

7.2CVSS5.4AI score0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.9 views

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS5.3AI score0.00192EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 a.m.14 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 6:0 a.m.11 views

EUVD-2026-36700

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS5.2AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...

6.1CVSS5.9AI score0.00108EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 7:16 p.m.20 views

CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS0.00104EPSS
Exploits0References1
Rows per page
Query Builder