Lucene search
K

5359 matches found

euvd
euvd
added 2026/04/13 6:30 a.m.7 views

EUVD-2026-21848

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values...

8.4CVSS6.5AI score0.00147EPSS
Exploits0References4
patchstack
patchstack
added 2026/04/09 9:39 p.m.6 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/04/09 9:38 p.m.4 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

6.5CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/03/26 5:4 p.m.5 views

CVE-2026-25398

Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...

6.5CVSS5.8AI score0.00293EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/25 4:14 p.m.4 views

CVE-2026-25398 WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through = 1.6.4...

6.5CVSS5.8AI score0.00293EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.10 views

PT-2026-27937

Name of the Vulnerable Software and Affected Versions Webilia Inc. Vertex Addons for Elementor versions through 1.6.4 Description An incorrect access control configuration exists in Webilia Inc. Vertex Addons for Elementor. This allows exploitation due to missing authorization checks...

6.5CVSS5.9AI score0.00293EPSS
Exploits0References4
patchstack
patchstack
added 2026/03/22 10:18 p.m.5 views

WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability

Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/03/16 12:0 a.m.7 views

MCP Server to Auto commit changes 命令注入漏洞

MCP Server to Auto commit Changes is an AI tool developed by Hypermodel Inc for automatically generating Git commit messages. Version 1.0.0 of MCP Server to Auto commit Changes contains a command injection vulnerability. This vulnerability stems from incorrect operations on the getGitChanges...

5.3CVSS6.1AI score0.00649EPSS
Exploits0References7
patchstack
patchstack
added 2026/03/10 11:16 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/03/10 11:15 p.m.10 views

WordPress Modular Connector plugin <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth vulnerability

Cross-Site Request Forgery via postConfirmOauth vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modular DS versions = 2.5.1...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/03/10 9:38 p.m.5 views

WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Addon Plugin Installation vulnerability

Missing Authorization to Addon Plugin Installation vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions = 1.0.16...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.9 views

PT-2026-23679

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
cve
cve
added 2026/02/26 5:39 a.m.29 views

CVE-2026-23703

The CVE-2026-23703 entry concerns the FinalCode Client installer from Digital Arts Inc. A flaw in the installer's default permissions allows a non-administrative user to escalate to SYSTEM by exploiting local permission settings (LOCAL, PR:L, UI:N). The issue is confirmed by both the CVE record a...

8.5CVSS5.8AI score0.0012EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/26 12:0 a.m.14 views

PT-2026-22122

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

8.5CVSS8AI score0.0012EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/02/21 1:31 a.m.8 views

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

7.1CVSS5.5AI score0.00262EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/21 1:31 a.m.8 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

7.6CVSS6AI score0.00281EPSS
Exploits1References1
nvd
nvd
added 2026/02/20 5:25 p.m.5 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS0.00315EPSS
Exploits1References1
osv
osv
added 2026/02/20 5:25 p.m.8 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS6.1AI score0.00315EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6AI score0.00281EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6AI score0.00281EPSS
Exploits1References1
Rows per page
Query Builder