Lucene search
+L

60143 matches found

CVE
CVE
added 4 hours ago8 views

CVE-2026-9734

The CVE-2026-9734 entry concerns the W3SC Elementor to Zoho CRM plugin for WordPress. A CSRF vulnerability exists in all versions up to 2.2.0 due to missing or incorrect nonce validation in the storeInfo function, enabling unauthenticated attackers to alter Zoho CRM integration settings by forgin...

4.3CVSS5.2AI score
Exploits0References4
Cvelist
Cvelist
added 4 hours ago11 views

CVE-2026-9734 W3SC Elementor to Zoho CRM <= 2.2.0 - Cross-Site Request Forgery to Settings Update

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-49485

Summary: CVE-2026-49485 affects HAPI FHIR’s FHIRPathEngine (matches(), matchesFull(), replaceMatches()) where user-controlled regex patterns are compiled via Java’s regex engine, enabling ReDoS and CPU exhaustion. The issue exists in implementations prior to version 6.9.9 and 6.9.4.2. An attacker...

7.5CVSS5.5AI score
Exploits0References6
EUVD
EUVD
added yesterday44 views

EUVD-2026-34900

AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS5.2AI score0.00305EPSS
Exploits0References5
CVE
CVE
added yesterday15 views

CVE-2026-52746

CVE-2026-52746 concerns the JSONata language. Affected: jsonata prior to version 2.2.0. Issue: malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications evaluating JSONata expressions. ...

7.5CVSS5.3AI score
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
Cvelist
Cvelist
added yesterday14 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-12691

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45219

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.3AI score
Exploits0References1
CVE
CVE
added yesterday22 views

CVE-2026-15982

The CVE-2026-15982 entry describes a Privilege Escalation flaw in the Aimogen Pro WordPress plugin (&lt;= 2.8.4). The root cause is a missing capability check in the function aiomatic_call_google_ai_function, which allows unauthenticated attackers to use the aimogen_wp_god_mode tool to clear func...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS0.00294EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

LotusCMS 3.0 - Remote Code Execution

LotusCMS 3.0 is susceptible to remote code execution via the Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution. id: CVE-2011-0518 info: name: LotusCMS 3.0 - Remote Code Execution author: pikpikcu...

5.1CVSS6.4AI score0.15833EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday39 views

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

9.8CVSS8.8AI score0.65342EPSS
Exploits1References7
Nuclei
Nuclei
added yesterday66 views

DedeCMS 5.7 SP2 - Cross-Site Scripting

DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php,...

6.1CVSS5.7AI score0.02625EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday206 views

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

6.5CVSS6.4AI score0.0186EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday104 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...

6.1CVSS5.8AI score0.01635EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60836

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.text to image/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS3.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60768

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to th...

6.5CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60744

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3AI score
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-63304

AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can brea...

9.2CVSS0.01355EPSS
Exploits0References2
Rows per page
Query Builder