Lucene search
K

258 matches found

NVD
NVD
added 3 days ago3 views

CVE-2026-57380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-57695 WordPress Document Gallery plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS0.00184EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 3:0 a.m.3 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36941

Author Arbitrary File Download in Download Monitor = 5.1.9 versions...

4.4CVSS5.2AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36911

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

7.5CVSS5.2AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49347

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/14 8:16 a.m.17 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.4CVSS0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.8 views

CVE-2026-7784

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...

7.5CVSS6.7AI score0.00501EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 6:54 a.m.11 views

WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Realtyna Organic IDX plugin versions = 5.1.0...

5.9AI score0.00291EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390: Avoid using a global register for the currentstackpointer. The commit 30de14b1884b “s390: The currentstackpointer should not be a function” changed the currentstackpointer to a global register variable, as is common on many...

7.8CVSS5.8AI score0.0016EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/14 10:46 a.m.13 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability

Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 5:42 p.m.15 views

CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.11 views

CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 8:27 a.m.65 views

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS0.003EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/04 7:57 p.m.15 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification vulnerability

Missing Authorization to Authenticated Contributor+ Limited Page Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin User Registration versions = 5.1.4...

4.3CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/03 10:0 p.m.8 views

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 10:40 a.m.3 views

CVE-2026-42652 WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through = 5.1.5...

7.1CVSS5.2AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 12:16 a.m.22 views

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...

4.8CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:42 p.m.5 views

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1...

5.7AI score0.00194EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder