Lucene search
K

627 matches found

CVE
CVE
added yesterday7 views

CVE-2026-14846

CVE-2026-14846 affects PrestaShop version 8.2.1. The flaw arises from incorrect sanitisation due to inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This allows an attacker to inject malicious expressions that are executed when exporting data with the ‘Get my ...

4.5CVSS6.1AI score0.0033EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday77 views

Relevanssi (A Better Search) <= 4.22.0 - Query Log Export

The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. id: CVE-2024-1380 info: name: Relevanssi A...

5.3CVSS6.7AI score0.50192EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-11869

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS0.00193EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-11869

The CVE concerns WP DSGVO Tools (GDPR) WordPress plugin prior to 3.1.40. A missing authorization check on the immediate-processing path of the data subject access request feature allows unauthenticated attackers to generate and download the full personal-data export (name, postal address, phone n...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-11869 WP DSGVO Tools (GDPR) < 3.1.40 - Unauthenticated Sensitive Information Disclosure via Subject Access Request

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56962

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56938

Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...

5.3CVSS6.1AI score0.00415EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53729

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

8.2CVSS0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:58 a.m.9 views

EUVD-2026-40952

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

7.1CVSS5.9AI score0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.22 views

CVE-2026-53906

CVE-2026-53906 affects MCO’s file handling for data export and upload. The underlying issue is improper validation of the filename parameter, allowing path traversal and the potential to write files to arbitrary locations, along with indirect disclosure of absolute server paths via error messages...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 8:55 p.m.13 views

CVE-2026-45687

CVE-2026-45687 affects Rocket.Chat prior to fixed versions (8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, 7.10.11). The issue lies in the sendFileMessage DDP path, where the attacker-provided file object is passed to Uploads.updateFileComplete and merged into a MongoDB $set via Object.assign ...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 4:31 a.m.12 views

EUVD-2026-37839

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/09 11:54 a.m.33 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-0814

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

4.3CVSS5.5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5395

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS5.6AI score0.00349EPSS
Exploits0References1
Veeam
Veeam
added 2026/06/03 12:0 a.m.75 views

Email item data export from EWS failed

Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.9 views

CVE-2026-7621 SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References11
Rows per page
Query Builder