Lucene search
+L

21263 matches found

euvd
euvd
added 1 hour ago3 views

EUVD-2026-45012

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. This action should have been restricted ...

4.3CVSS6.1AI score
Exploits0References3
attackerkb
attackerkb
added 7 hours ago3 views

CVE-2026-55548

Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level ReadPacket privileges when a request omitted specific packet names: with an empty name list the...

4.3CVSS6.1AI score
Exploits0References6Affected Software1
nuclei
nuclei
added 13 hours ago43 views

Simple File List < 4.4.12 - Cross Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting id: CVE-2022-3062 info: name: Simple File List 4.4.12 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does not escape parameters before...

6.1CVSS6.8AI score0.44095EPSS
Exploits2References4
nuclei
nuclei
added 13 hours ago9 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

9.8CVSS7.2AI score0.14886EPSS
Exploits0References3
nuclei
nuclei
added 13 hours ago75 views

WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting

WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmurspid parameter before outputting it back in an admin page. id: CVE-2022-0599 info: name: WordPress Mapping Multiple URLs Redirec...

6.1CVSS6.4AI score0.01713EPSS
Exploits2References5
nuclei
nuclei
added 13 hours ago37 views

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

9.8CVSS7AI score0.07131EPSS
Exploits0References2
nuclei
nuclei
added 13 hours ago46 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS6.1AI score0.01323EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago58 views

WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

9.3CVSS6.3AI score0.01425EPSS
Exploits2References3
nuclei
nuclei
added 13 hours ago16 views

Simple File List < 6.1.13 - Reflected Cross-Site Scripting

Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...

5.4CVSS6.1AI score0.0057EPSS
Exploits1References2
nuclei
nuclei
added 13 hours ago51 views

Infographic Maker iList < 4.3.8 - SQL Injection

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. id: CVE-2022-0747 info:...

9.8CVSS7.1AI score0.15254EPSS
Exploits2References5
nuclei
nuclei
added 13 hours ago13 views

WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL. id:...

7.1CVSS6.1AI score0.0059EPSS
Exploits0References4
nvd
nvd
added 18 hours ago8 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS
Exploits0References6
attackerkb
attackerkb
added 20 hours ago4 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score
Exploits0References7
cve
cve
added 20 hours ago8 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure up to version 0.95.0 via sanitize_status. An authenticated attacker with contributor-level access or higher can extract titles, full content, excerpts, dates, authors, and custom-field metadata of other u...

4.3CVSS6.1AI score
Exploits0References6
cvelist
cvelist
added 20 hours ago11 views

CVE-2026-12434 List category posts <= 0.95.0 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via 'post_status' Shortcode Attribute

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS
Exploits0References6
euvd
euvd
added 20 hours ago4 views

EUVD-2026-44856

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score
Exploits0References6
cvelist
cvelist
added yesterday33 views

CVE-2026-52870 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00043EPSS
Exploits0References4
packetstorm
packetstorm
added yesterday16 views

📄 xxl-job Cross Site Scripting

A persistent cross site scripting vulnerability exists in xxl-job-admin JobInfoController.java where the addressList parameter accepts unsanitized URL‑encoded JavaScript. xxl-job versions prior to 3.4.0 are affected. Description Summary A stored Cross‑Site Scripting vulnerability exists in...

6.1CVSS5.7AI score
Exploits1
nvd
nvd
added 2 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS0.00414EPSS
Exploits0References3
osv
osv
added 2 days ago4 views

DEBIAN-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00414EPSS
Exploits0References1
Rows per page
Query Builder