Lucene search
+L

4495 matches found

NVD
NVD
added yesterday6 views

CVE-2026-60025

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-60025

CVE-2026-60025 affects the Joomla extension Events Booking prior to version 5.8.0. The frontend file upload endpoint is reported to lack CSRF protection, which in the accompanying CVE listing is described as enabling user enumeration in Events Booking

5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-60025 Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-45198

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

5.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday20 views

WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

The Frontend File Manager plugin 4.0 and N-Media Post Front-end Form plugin 1.1 for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. id:...

9.8CVSS5.9AI score0.05515EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday19 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS8.3AI score0.06441EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday29 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS5.2AI score0.00682EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday9 views

Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

6.1CVSS5.3AI score0.0046EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS5.8AI score0.06263EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60787

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

5.2AI score
Exploits0References2
Nuclei
Nuclei
added 2 days ago263 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
CVE
CVE
added 2 days ago9 views

CVE-2026-15350

CVE-2026-15350 affects the WordPress plugin The Cache Purger (up to version 2.3.20). The vulnerability is an authorization bypass that allows authenticated users with subscriber-level access or higher to permanently truncate the plugin’s cache-purge audit log (wp-content/purge.log), destroying th...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2 days ago4 views

cockpit-image-builder security update

94.3-1.0.1 - Switch to old frotend Orabug: 38011073 Orabug: 37856296 Orabug: 37856375 - Replaced additional upstream url Orabug: 37856187 - Replaced upstream urls in documentation with oracle links Orabug: 37856187 94.3-1 - New upstream release 94.2-1 - New upstream release 94.1-1 - Resolve...

9.8CVSS5.3AI score0.02474EPSS
Exploits0
NVD
NVD
added 4 days ago6 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS0.00614EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57975

Name of the Vulnerable Software and Affected Versions Apache Doris versions prior to 3.1.0 Description Certain HTTP REST administrative APIs in the Frontend FE were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform...

9.1CVSS6.1AI score0.00614EPSS
Exploits0References5
Cvelist
Cvelist
added last week37 views

CVE-2026-10041 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation via Multiple AJAX Handlers

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
EUVD
EUVD
added last week7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
CVE
CVE
added last week18 views

CVE-2026-12994

Technical details are not publicly available in the provided documents. The description summarizes the vulnerability but lacks concrete affected versions, components, and remediation specifics beyond general impact. Monitor for updates.

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/10 3:31 a.m.6 views

EUVD-2026-42787

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
NVD
NVD
added 2026/07/09 11:16 a.m.8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
Rows per page
Query Builder