Lucene search
K

1005 matches found

Nuclei
Nuclei
added 15 hours ago98 views

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS7AI score0.00879EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-59206

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS0.00297EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00227EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42566

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 7:43 p.m.9 views

EUVD-2026-41431

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS5.9AI score0.0018EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:43 p.m.7 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS5.9AI score0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57355

Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...

6.5CVSS0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-27425

Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.32 views

CVE-2026-27425 WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.12 views

CVE-2026-27425

CVE-2026-27425 details (normal mode): Unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability affecting WordPress Automotive Listings plugin, versions up to and including 18.6. The issue is due to a reflected XSS flaw in the plugin’s input handling, allowing an attacker to craft a mal...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54978

Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 8:16 a.m.9 views

CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40935

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.37 views

CVE-2026-12435 Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 5:16 p.m.13 views

CVE-2026-58371

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper weed/server/common.go, with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON...

3.1CVSS0.0021EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/29 2:59 p.m.7 views

WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions = 18.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39948

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03552EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.19 views

PT-2026-53052

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description An Insecure Direct Object Reference exists due to missing validation on a user-controlled key. Authenticated attackers with subscriber-level...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References20
Rows per page
Query Builder