Lucene search
K

7745 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 6:0 a.m.8 views

CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.6AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:0 a.m.36 views

CVE-2026-4986

The CVE-2026-4986 entry concerns the WPForms WordPress plugin (pre-1.10.0.5). The issue is that incoming PayPal webhook events are not validated for authenticity before processing, enabling unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transacti...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:6 p.m.8 views

USN-8406-1 libnet-cidr-lite-perl vulnerabilities

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

7.5CVSS6.6AI score0.00493EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/08 4:6 p.m.11 views

USN-8406-1: Net::CIDR::Lite vulnerabilities

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

7.5CVSS5.6AI score0.00493EPSS
Exploits0
CVE
CVE
added 2026/06/08 11:23 a.m.27 views

CVE-2026-3011

CVE-2026-3011 - Recipe Card Blocks Lite (WordPress) Vulnerability: Stored Cross-Site Scripting in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions up to 3.4.13. Affected component: WPZOOM Recipe Card Blocks Lite plugin for WordPress (block-based recipe card feature). Root ...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 11:23 a.m.12 views

EUVD-2026-35049

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 11:23 a.m.10 views

CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47275

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM Helpers::deserialize block attributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

WordPress plugin Recipe Card Blocks Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00206EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : perl-Net-CIDR-Lite (SUSE-SU-2026:2113-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2113-1 advisory. This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailin...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/06/07 12:0 a.m.13 views

WordPress Recipe Card Blocks Lite plugin <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor versions = 3.4.13...

6.4CVSS5.4AI score0.00206EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45191

A flaw was found in Net::CIDR::Lite. This vulnerability allows an attacker to bypass IP Access Control Lists ACLs by providing specially crafted CIDR Classless Inter-Domain Routing mask values. The component incorrectly processes mask forms containing extraneous zero characters, such as "/00" or...

6.5CVSS5AI score0.00311EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32648

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

5.3CVSS5.5AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS5.7AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS5.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-49053

Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-49052

Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.14 views

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

6.5CVSS5.4AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS5.8AI score0.00125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4852

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder