Lucene search
K

2612 matches found

Nuclei
Nuclei
added 6 hours ago71 views

WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read

WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...

8.6CVSS6.2AI score0.01844EPSS
Exploits0References2
Nuclei
Nuclei
added 6 hours ago8 views

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...

9.8CVSS7.5AI score0.04262EPSS
Exploits0References3
Nuclei
Nuclei
added 6 hours ago18 views

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.3AI score0.16239EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 6:16 a.m.13 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS0.00742EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.26 views

CVE-2026-9725 Printcart Web to Print Product Designer for WooCommerce <= 2.5.2 - Unauthenticated Arbitrary File Deletion

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS0.00742EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.11 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34104

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:53 p.m.6 views

EUVD-2026-41052

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:53 p.m.12 views

CVE-2026-34096

Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:53 p.m.34 views

CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 7:4 p.m.25 views

CVE-2026-9836

IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 is affected by CVE-2026-9836, an information-disclosure vulnerability in the DataStage Flow Designer application (CWE-200). Reported base score varies by source (NVD lists 7.5 HIGH overall but IBM notes a CVSS v3.1 base score of 3.5, LOW). The u...

7.5CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:4 p.m.39 views

CVE-2026-9836 IBM DataStage Flow Designer application is affected by an information disclosure vulnerability

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5CVSS0.00241EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 5:47 p.m.4 views

Security Bulletin: IBM Integration Designer is vulnerable to multiple CVEs

Summary Multiple vulnerabilities are resolved: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

7.5CVSS7.1AI score0.00702EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57329

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40100

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.33 views

CVE-2026-57329 WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.18 views

CVE-2026-57329

CVE-2026-57329 describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WooCommerce Designer Pro plugin up to version 1.9.34. CVSS v3.1 base score 6.5 (attackVector: NETWORK, attackComplexity: LOW, privilegesRequired: LOW, userInteraction: REQUIRED, scope: CHANGED, confidentiality/i...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57329

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/29 8:47 a.m.6 views

WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Designer Pro versions = 1.9.34...

6.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53290

Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions prior to 1.9.35 Description Cross Site Scripting XSS allows an attacker with subscriber privileges to execute malicious scripts in the browser of other users. Recommendations Update WooCommerce Designer Pro to...

6.5CVSS6AI score0.00211EPSS
Exploits0References4
Rows per page
Query Builder