Lucene search
K

306 matches found

CVE
CVE
added 2 days ago26 views

CVE-2026-45064

CVE-2026-45064 (Symfony) affects the UrlSanitizer::parse() path used by Symfony HtmlSanitizer/UrlSanitizer. From versions 6.1.0-BETA1 up to 6.4.40, 7.4.12, and 8.0.12, Unicode explicit-direction BiDi formatting characters were passed through into sanitized href/src attributes, enabling phishing-s...

6.1CVSS6.1AI score0.00466EPSS
Exploits0References5Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-15299

CVE-2026-15299 : The Animation Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 2.6.3 via the Weather widget’s weather_style and move_direction parameters. The root cause is insufficient output escaping in Weather widget render() (widgets/we...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 6:16 a.m.13 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/18 5:34 a.m.14 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.39 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
CVE
CVE
added 2026/06/18 5:34 a.m.30 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2026/06/09 1:19 p.m.67 views

Exploit for CVE-2026-00000

CVE-2026-00000 Boolean-blind SQL injection Description...

5.6AI score
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 3:59 p.m.7 views

GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...

6CVSS5.8AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/31 12:4 p.m.14 views

CVE-2026-49489 OpenCATS - SQL Injection in DataGrid sortDirection Parameter

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/31 12:4 p.m.14 views

EUVD-2026-33501

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References4
CVE
CVE
added 2026/05/31 12:4 p.m.33 views

CVE-2026-49489

OpenCATS up to version 0.9.7.4 is affected by an SQL injection in the DataGrid sortDirection parameter, enabling an authenticated user to exfiltrate data via ajax/getDataGridPager.php. The underlying issue is a vulnerable sortDirection parameter that allows time-based blind injections, potentiall...

8.5CVSS5.9AI score0.00263EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 8:16 a.m.18 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 6:43 a.m.36 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00273EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:43 a.m.12 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44759

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel direction' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the carousel...

6.4CVSS6AI score0.00273EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:10 a.m.10 views

crypto: atmel-tdes - fix DMA sync direction

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 12:58 p.m.13 views

EUVD-2026-32459

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

5.8AI score0.00123EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.41 views

CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

0.00123EPSS
Exploits0References8
Rows per page
Query Builder