Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/06/30 9:31 a.m.36 views

CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:33 a.m.11 views

CVE-2026-9620

CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...

6.4CVSS6AI score0.00207EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.5 views

WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...

6.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 3:43 p.m.4 views

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 3:43 p.m.8 views

CVE-2025-53444

The CVE describes a Cross‑Site Request Forgery (CSRF) vulnerability in the DeluxeThemes WordPress Userpro plugin prior to version 5.1.11, allowing CSRF exploitation. Affected software: WordPress Userpro plugin (pre-5.1.11). Root cause details are not expanded in the provided documents beyond the ...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.6 views

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS0.00168EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/09 7:34 a.m.7 views

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/07 9:30 a.m.7 views

EUVD-2026-10137

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00209EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/10 4:50 p.m.10 views

WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.11.0...

6.5CVSS5.9AI score0.00133EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414665 advisory. A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if scosockgetsockopt function in net/bluetooth/sco.c do not have a sanity check fo...

7.2CVSS6.6AI score0.00273EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/29 12:0 a.m.3 views

CVE-2024-57412

An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service DoS via repeatedly sending crafted TCP packets...

6.5AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 8:39 p.m.8 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

2.2CVSS6.8AI score0.00332EPSS
Exploits1References4
OSV
OSV
added 2024/03/01 3:15 a.m.3 views

CVE-2023-47716

IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656...

8.8CVSS5.8AI score0.00401EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/03/10 12:0 a.m.13 views

PT-2021-2432 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.6 Description: The issue is related to the rtw wx set scan function in the Linux kernel, which allows writing beyond the end of the -ssid array. This can lead to a buffer overflow in memory. The exploitation...

9.8CVSS7.6AI score0.88106EPSS
Exploits212References1210
CNVD
CNVD
added 2017/09/08 12:0 a.m.6 views

dayrui FineCms 'checktitle' Function Cross-Site Scripting Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'checktitle' function in the controllers/member/api.php file in version 5.0....

6.1CVSS6AI score0.00635EPSS
Exploits0References1
Rows per page
Query Builder