Lucene search
K

595 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57734

The CVE concerns WordPress tagDiv Composer (td-composer). Affected: tagDiv Composer

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-48286

Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00712EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:8 p.m.35 views

CVE-2026-48286

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could permit arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the impact is limited to the use...

10CVSS6.4AI score0.00712EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/29 1:36 p.m.25 views

CVE-2026-57336

CVE-2026-57336 affects the WordPress Jobify theme up to version 4.3.2 and is an unauthenticated Cross-Site Scripting (XSS) vulnerability. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) indicates network access with low attack complexity, no privileges required, user interaction needed,...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.34 views

CVE-2026-57336 WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57336

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:32 p.m.5 views

EUVD-2025-210358

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:50 p.m.5 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 10:7 p.m.30 views

CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 1:27 p.m.3 views

SUSE-SU-2026:2584-1 Security update for exiv2

This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...

8.1CVSS6.6AI score0.01104EPSS
Exploits1References9
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36935

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39471

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

7.2CVSS0.00446EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49377

Name of the Vulnerable Software and Affected Versions ShortPixel Image Optimizer versions prior to 6.4.4 Description PHP Object Injection occurs in the software. This issue allows an attacker to inject malicious objects into the application, which can lead to unauthorized code execution or other...

7.2CVSS5.8AI score0.00446EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 8:59 p.m.28 views

CVE-2026-47938

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-47938) that could lead to arbitrary code execution in the context of the current user without user interaction. CVSSv3.1 base score 10.0 (CRITICAL), vect...

10CVSS5.5AI score0.00449EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:59 p.m.9 views

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.2AI score0.00553EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:59 p.m.40 views

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00553EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:59 p.m.35 views

CVE-2026-48303

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction; the CVSS 3.1 vector is AV:N/AC:L/PR:N...

10CVSS6.2AI score0.00553EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48278

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description An incorrect authorization issue exists that could allow arbitrary code execution in the context of the current user. This flaw can be exploited without requiring any us...

10CVSS6.2AI score0.00553EPSS
Exploits0References10
Rows per page
Query Builder