271 matches found

NVD
added 6 hours ago, 6 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 6.5
Exploits: 0, References: 10

Nvidia
added 2 days ago, 5 views

Security Bulletin: NVIDIA AIStore Framework - June 2026

NVIDIA has released a software update for NVIDIA® AIStore™ framework. To protect your system, download and install the latest version of the NVIDIA AIStore framework. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update...

CVSS: 9.8, AI score: 5.8
Exploits: 0, Affected Software: 1

Cvelist
added 5 days ago, 38 views

CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 6.5, EPSS: 0.0028
Exploits: 0, References: 7

NVD
added 6 days ago, 8 views

CVE-2026-57667

Sales Representative SQL Injection in Groundhogg <= 4.5 versions...

CVSS: 8.5, EPSS: 0.00211
Exploits: 0, References: 1

NVD
added 6 days ago, 6 views

CVE-2026-56055

Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...

CVSS: 8.8, EPSS: 0.00391
Exploits: 0, References: 1

Cvelist
added 6 days ago, 37 views

CVE-2026-57667 WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

Sales Representative SQL Injection in Groundhogg <= 4.5 versions...

CVSS: 8.5, EPSS: 0.00211
Exploits: 0, References: 1

EUVD
added 6 days ago, 6 views

EUVD-2026-39671

Sales Representative SQL Injection in Groundhogg <= 4.5 versions...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00211
Exploits: 0, References: 1

EUVD
added 6 days ago, 7 views

EUVD-2026-39710

Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00391
Exploits: 0, References: 1

Patchstack
added 6 days ago, 7 views

WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions <= 4.5...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00211
Exploits: 0, Affected Software: 1

EUVD
added 6 days ago, 10 views

EUVD-2026-39615

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 6.5, AI score: 6, EPSS: 0.00281
Exploits: 0, References: 8

CVE
added last week, 26 views

CVE-2026-46607

CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00303
Exploits: 0, References: 2

CVE
added 2026/06/24 5:33 a.m., 14 views

CVE-2026-9643

WP Meta SEO for WordPress insert(). This allows injection of arbitrary scripts that execute when an administrator visits the 404 & Redirects admin page (/wp-admin/admin.php?page=metaseo_broken_link). Exploitation details are not provided beyond the generic flow; no fixes, mitigations, or exploita...

CVSS: 7.2, AI score: 6, EPSS: 0.00241
Exploits: 0, References: 6

NVD
added 2026/06/15 9:17 p.m., 7 views

CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVSS: 7.5, EPSS: 0.00278
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 10 views

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVSS: 7.5, AI score: 5.2, EPSS: 0.00278
Exploits: 0, References: 2

Positive Technologies
added 2026/06/07 12:0 a.m., 17 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01572
Exploits: 1, References: 6

RedhatCVE
added 2026/06/05 7:29 p.m., 7 views

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00427
Exploits: 0, References: 1

CNNVD
added 2026/05/22 12:0 a.m., 8 views

Vinades NukeViet cross-site scripting vulnerability

Vinades NukeViet is an open-source content management system (CMS) developed by the Vietnamese company Vinades. Versions of Vinades NukeViet 4.5.07 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input cleansing on the server side, which could lead...

CVSS: 8.7, AI score: 5.7, EPSS: 0.00349
Exploits: 0, References: 3

NVD
added 2026/05/21 8:16 a.m., 18 views

CVE-2026-44065

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

CVSS: 4.2, EPSS: 0.0013
Exploits: 0, References: 1

EUVD
added 2026/05/21 7:35 a.m., 8 views

EUVD-2026-31216

Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...

CVSS: 3, AI score: 5.9, EPSS: 0.00091
Exploits: 0, References: 1

EUVD
added 2026/05/21 7:34 a.m., 12 views

EUVD-2026-31213

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

CVSS: 4.2, AI score: 5.8, EPSS: 0.0013
Exploits: 0, References: 1