Lucene search
K

663 matches found

Nuclei
Nuclei
added yesterday11 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.2AI score0.02917EPSS
Exploits3References2
NVD
NVD
added 4 days ago8 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-11397 WP Import Export Lite <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery via 'file_url' Parameter

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41489

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References7
Patchstack
Patchstack
added 5 days ago3 views

WordPress WP Import Export Lite plugin <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by 밥김국 - DDADDA in WordPress Plugin WP Import Export Lite versions = 3.9.30...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.13 views

CVE-2026-7430

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.4AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 2:27 a.m.13 views

EUVD-2026-33246

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS6.1AI score0.00244EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 3:33 p.m.18 views

EUVD-2026-32311

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:17 p.m.26 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 11:53 a.m.26 views

CVE-2026-48971

CVE-2026-48971 affects the WordPress plugin WordPress Product Import Export for WooCommerce (WebToffee) up to version 2.5.6. The issue is a Missing Authorization/Broken Access Control vulnerability due to incorrectly configured access control levels, enabling an attacker to exploit over the netwo...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 11:53 a.m.10 views

CVE-2026-48971 WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 11:53 a.m.8 views

CVE-2026-48971

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/27 11:52 a.m.12 views

WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...

4.3CVSS5.8AI score0.00231EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin Product Import Export for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/19 9:31 a.m.5 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8922 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

5.4CVSS5.4AI score0.00281EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/15 5:2 p.m.44 views

CVE-2026-42458 Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:2 p.m.7 views

CVE-2026-42458

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 5:2 p.m.11 views

CVE-2026-42458 Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder