Lucene search
K

3674 matches found

CVE
CVE
added 5 days ago11 views

CVE-2026-4298

The CVE-2026-4298 entry concerns the WordPress plugin DSGVO All in one for WP up to version 4.9. The underlying root cause is Missing Authorization due to the function dsgvo_reset_policy_service_func() lacking capability checks and nonce verification when processing user-supplied parameters to re...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42230

The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybeconnectiondata function. This makes it possible for...

4.7CVSS5.8AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 3:32 p.m.53 views

CVE-2026-54303 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS0.00177EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 10:39 p.m.5 views

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

6.8CVSS5.8AI score0.00177EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 10:39 p.m.18 views

n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

Impact An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Patches The issue has been fixed in n8n...

6.8CVSS5.2AI score0.00177EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/06/15 6:30 a.m.13 views

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 8:52 a.m.22 views

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz , a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/09 1:2 p.m.24 views

Scammers love Meta, according to Lloyds Bank

Scammers go phishing wherever the victims are. In the UK, that means Facebook, Instagram, and WhatsApp, according to Lloyds Bank. It just revealed that Meta platforms account for over two thirds of fraud reports made by its customers. Writing in The Sunday Times, Lloyds Bank's fraud prevention...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/09 12:47 p.m.88 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2ShellExploit CVE-2025-55182 I created simple react2she...

10CVSS7.3AI score0.99562EPSS
Exploits374
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-49059

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...

4.7CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.5AI score0.00163EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/05 3:11 a.m.83 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2...

10CVSS7.1AI score0.99562EPSS
Exploits374
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33851

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 12:16 a.m.21 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 11:28 p.m.12 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 11:28 p.m.34 views

CVE-2026-9048

The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:28 p.m.11 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 11:28 p.m.39 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS0.00163EPSS
Exploits0References2
Rows per page
Query Builder