Lucene search
+L

883 matches found

nuclei
nuclei
added yesterday35 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9CVSS6.1AI score0.00711EPSS
Exploits0References3
nvd
nvd
added 6 days ago12 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS0.00346EPSS
Exploits0References4
euvd
euvd
added 6 days ago7 views

EUVD-2026-42798

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS6AI score0.00346EPSS
Exploits0References4
cve
cve
added 6 days ago7 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to a time-based SQL injection via the wpdevart_id parameter in all versions up to 3.2.17. The root cause is insufficient escaping of the user-supplied parameter and lack of proper SQL query preparation. This can a...

5.9CVSS6AI score0.00346EPSS
Exploits0References4
attackerkb
attackerkb
added 6 days ago6 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS6AI score0.00346EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago30 views

CVE-2026-15289 Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id'

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS0.00346EPSS
Exploits0References4
nvd
nvd
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/02 7:42 p.m.39 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
osv
osv
added 2026/07/02 7:42 p.m.4 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References8
circl
circl
added 2026/07/01 9:12 a.m.10 views

CVE-2026-12224

creationtimestamp| type| source ---|---|--- 2026-07-01 09:12:13+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpl6f6frm32l 2026-07-01 09:12:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6f64vmw2r 2026-07-01 11:39:31+00:00| seen|...

8.8CVSS5.8AI score0.00246EPSS
Exploits0References5
euvd
euvd
added 2026/06/19 6:51 a.m.12 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/19 6:51 a.m.10 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References9
circl
circl
added 2026/06/15 11:0 p.m.10 views

CVE-2026-48713

creationtimestamp| type| source ---|---|--- 2026-06-15 23:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moef7r5k4a24 2026-06-16 00:01:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moeimat47y2n 2026-06-16 03:00:27+00:00| seen|...

9.1CVSS5.7AI score0.00419EPSS
Exploits0References5
circl
circl
added 2026/06/04 11:18 p.m.10 views

CVE-2026-48579

creationtimestamp| type| source ---|---|--- 2026-06-04 23:18:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116694392154624808 2026-06-05 00:00:59+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnithjxzog2b 2026-06-05 13:22:36+00:00| seen|...

9.1CVSS5.3AI score0.01015EPSS
Exploits0References6
cve
cve
added 2026/06/03 1:28 p.m.21 views

CVE-2026-47325

The CVE-2026-47325 entry concerns the ProjectsAndPrograms school-management-system, where passwords for students and teachers are generated solely from the user’s date of birth (e.g., 12072000), and there is no forced password change at first login. Affected status: the version tied to commit 6b6...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/06/01 12:0 a.m.14 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References8
susecve
susecve
added 2026/05/30 2:7 a.m.17 views

SUSE CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References3
osv
osv
added 2026/05/29 3:16 p.m.8 views

DEBIAN-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References1
osv
osv
added 2026/05/29 1:54 p.m.3 views

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS6AI score0.00384EPSS
Exploits0References7
Rows per page
Query Builder