Lucene search
+L

239 matches found

cve
cve
added 3 days ago9 views

CVE-2026-57707

The CVE-2026-57707 entry concerns WordPress Plugin Simple Business Directory Pro (versions up to 15.9.4) affected by an SQL Injection vulnerability. Affected component is the Simple Business Directory Pro plugin; root cause indicated as improper neutralization of special elements used in SQL comm...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
nvd
nvd
added 2026/07/03 6:16 a.m.6 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
euvd
euvd
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41491

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.14 views

PT-2026-55498

Name of the Vulnerable Software and Affected Versions CM Business Directory versions prior to 1.5.8 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This occurs when...

6.4CVSS6.1AI score0.00212EPSS
Exploits0References12
cvelist
cvelist
added 2026/06/29 1:36 p.m.31 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
cve
cve
added 2026/06/29 1:36 p.m.14 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
osv
osv
added 2026/06/24 2:17 p.m.2 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS6AI score
Exploits0References1
euvd
euvd
added 2026/06/24 1:20 p.m.12 views

EUVD-2026-38768

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.20 views

PT-2026-49390

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.9 views

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

6.6CVSS5.4AI score0.0027EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.11 views

CVE-2026-48918

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

6.6CVSS5.4AI score0.00232EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 3:16 p.m.29 views

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

6.6CVSS0.0027EPSS
Exploits0References1
cve
cve
added 2026/05/27 2:13 p.m.28 views

CVE-2026-48919

CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/27 2:13 p.m.44 views

CVE-2026-48918

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

0.00232EPSS
Exploits0References1
cve
cve
added 2026/05/27 2:13 p.m.28 views

CVE-2026-48916

The CVE-2026-48916 entry concerns Jenkins LDAP Plugin up to version 807.v7d7de30930cf and earlier, which follows LDAP referrals. The available connected documents identify the affected component (Jenkins LDAP Plugin) and the specific version range, with CVSSv3.1 vectors indicating Network attack,...

6.6CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.19 views

PT-2026-44011

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

5.8AI score0.00232EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3178

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6AI score0.00255EPSS
Exploits0References1
nvd
nvd
added 2026/03/11 12:15 p.m.5 views

CVE-2026-3178

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00255EPSS
Exploits0References5
cve
cve
added 2026/03/11 11:9 a.m.10 views

CVE-2026-3178

The CVE concerns the WordPress Name Directory plugin (affected: all versions up to 1.32.1) and a Stored XSS via the name_directory_name parameter. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts into pages that...

7.2CVSS5.9AI score0.00255EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/02/19 7:28 a.m.6 views

CVE-2026-2576

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1
Rows per page
Query Builder