1489498 matches found
CVE-2026-12918
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-12918
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-12924
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-jms JMS ObjectMessage Unsafe Deserialization Reproducer...
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-netty-http / camel-vertx-http HTTP-Response Unsafe Deser...
Exploit for Improper Access Control in Ollyo Helix3
Исследование уязвимости CVE-2026-49049: Unauthenticated Arbitr...
K000162183: Spring web services vulnerability CVE-2026-40996
Security Advisory Description Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators...
Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit
CVE-2025-20720 — PolyShell: Magento 2 Unauthenticated File Uploa...
CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2026-42843
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-12924
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...
Exploit for CVE-2024-51482
CVE-2024-51482 — ZoneMinder Time-Based Blind SQL Injection A...
Exploit for Deserialization of Untrusted Data in Apache Camel
camel-infinispan Remote Aggregation Repository Unsafe Deserial...
WordPress WP Hotel Booking plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by 1M4 in WordPress Plugin WP Hotel Booking versions = 2.3.1...
WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability
Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...
WordPress UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin UsersWP versions = 1.2.65...
tomcat security, bug fix, and enhancement update
An update is available for tomcat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...
Vulnerabilities managed in GitLab Enterprise Edition and Community Edition
GitLab has identified several vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE versions ranging from 9.1 to 18.11.7, 19.0 to 19.0.4, and 19.1 to 19.1.2. The vulnerabilities include: - Creating repositories with discrepancies between the web interface and the actual...