207 matches found

EUVD
added 2026/04/18 12:31 a.m. | 2 views

EUVD-2026-23577

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

CVSS 7.5 | AI score 5.7 | EPSS 0.49987
Exploits: 0 | References: 7

RedhatCVE
added 2026/03/05 1:57 a.m. | 3 views

CVE-2026-1980

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...

CVSS 5.3 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/12 2:23 a.m. | 4 views

CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

CVSS 5.3 | AI score 5.5 | EPSS 0.00055
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/07 7:30 p.m. | 4 views

CVE-2025-69216

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

CVSS 8.7 | AI score 5.6 | EPSS 0.00015
Exploits: 3 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6769

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...

CVSS 8.7 | AI score 5.6 | EPSS 0.00015
Exploits: 3 | References: 7

NVD
added 2026/01/31 5:16 a.m. | 6 views

CVE-2026-1431

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVSS 5.3 | EPSS 0.00026
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/31 4:35 a.m. | 2 views

CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVSS 5.3 | AI score 5.4 | EPSS 0.00026
Exploits: 0 | References: 2

NVD
added 2026/01/17 3:16 a.m. | 3 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | EPSS 0.00073
Exploits: 0 | References: 5

Cvelist
added 2026/01/17 2:22 a.m. | 20 views

CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | EPSS 0.00073
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/17 2:22 a.m. | 2 views

CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | AI score 5.5 | EPSS 0.00073
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/07 9:48 a.m. | 3 views

CVE-2022-27247

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., date of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference...

CVSS 5.3 | AI score 6.5 | EPSS 0.00213
Exploits: 1 | References: 1

EUVD
added 2025/11/22 12:30 p.m. | 3 views

EUVD-2025-198548

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...

CVSS 7.5 | AI score 5.1 | EPSS 0.0005
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/22 12:0 a.m. | 3 views

PT-2025-47835

Name of the Vulnerable Software and Affected Versions: OneClick Chat to Order plugin for WordPress versions up to and including 1.0.8. Description: The OneClick Chat to Order plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a...

CVSS 7.5 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 11

EUVD
added 2025/10/09 6:30 p.m. | 2 views

EUVD-2025-33357

code-projects Client Details System 1.0 is vulnerable to Cross-Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field...

CVSS 6.1 | AI score 6.1 | EPSS 0.00034
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-17108

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00247
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-2657

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00336
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-11322

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00153
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-3941

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.0088
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-17055

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00454
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-32892

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00191
Exploits: 1 | References: 1