Lucene search

8 matches found

CVE
added 2026/06/09 3:41 a.m. | 16 views

CVE-2026-8499

The CVE concerns the WordPress Helpfulcrowd Product Reviews plugin (vulnerable up to 1.2.9). Root cause: a PHP type-juggling flaw in helpfulcrowd_validate_token() uses a loose != comparison, paired with a REST route (wp-json/helpfulcrowd/v1/update-settings) that has a permissive permission_callba...

CVSS 5.3 | AI score 5.6 | EPSS 0.00273
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 9:27 a.m. | 17 views

CVE-2024-37699

An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption...

CVSS 9.8 | AI score 8.1 | EPSS 0.00481
Exploits: 0 | References: 1
VulnCheck KEV
added 2024/10/15 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2022-4974

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up...

CVSS 6.3 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | References: 1
Prion
added 2023/06/07 2:15 a.m. | 13 views

Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

CVSS 7.5 | AI score 9.3 | EPSS 0.014
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2023/06/07 1:51 a.m. | 26 views

CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

CVSS 9.8 | AI score 9.6 | EPSS 0.014
Exploits: 1 | References: 3
Cvelist
added 2023/06/07 1:51 a.m. | 32 views

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 9.6 | EPSS 0.01134
Exploits: 1 | References: 2
OSV
added 2019/01/23 9:29 a.m. | 3 views

CVE-2019-6691

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...

CVSS 7.2 | AI score 7.1
Exploits: 0 | References: 1
CVE
added 2006/03/02 7:0 p.m. | 49 views

CVE-2005-2713

CVE-2005-2713 concerns local privilege escalation in Mac OS X. The iDefense advisory details two related issues in the /usr/bin/passwd binary on affected builds (Mac OS X 10.3.9 and 10.4.5; server variants also mentioned): first, passwd accepts a password database option and does not verify write...

CVSS 6.8 | AI score 6.6 | EPSS 0.01037
Exploits: 1 | References: 11 | Affected Software: 2