Lucene search
K

5285 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57718

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor Free...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57707

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...

9.3CVSS0.004EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-57804

CVE-2026-57804 describes an PHP Local File Inclusion in CodexThemes TheGem Theme Elements (for Elementor), specifically TheGem Theme Elements for Elementor up to version 5.11.1. The issue arises from improper control of the filename used in include/require statements, enabling an attacker with au...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57718

CVE-2026-57718 describes a Reflected XSS in the WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates), specifically unlimited-elements-for-elementor, affecting versions from n/a up to and including 2.0.12. The vulnerability stems from improper neutralization of input...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57718 WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor Free...

7.1CVSS0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday10 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS7AI score0.0074EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday42 views

WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting

WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting...

6.1CVSS6.5AI score0.01347EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday60 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS6.9AI score0.01594EPSS
Exploits1References4
Patchstack
Patchstack
added 5 days ago6 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Taylsec in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.12...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42370

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 6 days ago13 views

CVE-2026-57258

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS0.00112EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56357

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description The PRC file header parsing logic trusts the constructed file structure description information and assumes the underlying array contains elements. When reading these elements...

6.1CVSS6.1AI score0.00112EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/02 3:25 p.m.6 views

WordPress TheGem theme Elements (for Elementor) plugin <= 5.11.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions = 5.11.1...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.4AI score0.00263EPSS
Exploits1References7
CVE
CVE
added 2026/06/30 6:0 a.m.21 views

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin (≤ 9.1.2) is vulnerable because it does not sanitize user-supplied array keys before using them in a SQL statement, enabling unauthenticated SQL injection via filter[elements] array keys. Impact is unauthenticated access to manipulate ...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

5.3CVSS6.7AI score0.0107EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that coun...

7.8CVSS6.2AI score0.00138EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:30 p.m.6 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder