7292 matches found

Nuclei
added 11 hours ago, 22 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contain an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries; exploitation requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

CVSS 9.3, AI score 7.3, EPSS 0.01977
Exploits: 0, References: 3

Nuclei
added yesterday, 16 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

CVSS 9.8, AI score 7.4, EPSS 0.11176
Exploits: 7, References: 2

Nuclei
added yesterday, 40 views

TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

CVSS 5.3, AI score 6.2, EPSS 0.18066
Exploits: 1, References: 5

Nuclei
added yesterday, 35 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

CVSS 9.8, AI score 6.9, EPSS 0.29157
Exploits: 0, References: 2

CVE
added yesterday, 6 views

CVE-2026-9230

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress

CVSS 4.3, AI score 6
Exploits: 0, References: 14

EUVD
added 2 days ago, 13 views

EUVD-2026-36320

OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority...

CVSS 8.7, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 3

OSV
added 2 days ago, 2 views

UBUNTU-CVE-2026-53339

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

AI score 5.7, EPSS 0.00164
Exploits: 0, References: 11

OSV
added 5 days ago, 5 views

PYSEC-2026-529 Salt vulnerable to directory traversal attack in file receiving method

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

CVSS 9.6, AI score 5.9, EPSS 0.00982
Exploits: 0, References: 7

OSV
added 5 days ago, 5 views

PYSEC-2026-436 SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. A patch is available on the master branch of the repository...

CVSS 9.3, AI score 7.3, EPSS 0.01213
Exploits: 1, References: 7

CVE
added 2026/06/27 6:50 a.m., 13 views

CVE-2026-9233

CVE-2026-9233 affects the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker up to version 11.1.4. The root cause is an authorization bypass in the AJAX action qsm_insert_quiz_template, allowing authenticated users with contributor-level access and above to create, modif...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 12

EUVD
added 2026/06/27 6:50 a.m., 9 views

EUVD-2026-39952

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 12

Cvelist
added 2026/06/27 6:50 a.m., 32 views

CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3, EPSS 0.00272
Exploits: 0, References: 12

RedhatCVE
added 2026/06/26 12:20 p.m., 6 views

CVE-2026-53030

A flaw was found in the Linux kernel, specifically within the i3c master renesas driver. This vulnerability is caused by a memory leak in the renesasi3ci3cxfers function, where an allocated xfer structure is not properly freed. An attacker could potentially exploit this to cause a denial of servi...

AI score 5.8, EPSS 0.00166
Exploits: 0, References: 4

SUSE CVE
added 2026/06/26 2:10 a.m., 7 views

SUSE CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

CVSS 7.8, AI score 5.8, EPSS 0.00141
Exploits: 0, References: 3

NVD
added 2026/06/25 2:16 p.m., 5 views

CVE-2026-56014

Unauthenticated Cross Site Scripting XSS in Master Slider <= 3.11.2 versions...

CVSS 7.1, EPSS 0.00175
Exploits: 0, References: 1

Cvelist
added 2026/06/25 1:12 p.m., 27 views

CVE-2026-56014 WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Master Slider <= 3.11.2 versions...

CVSS 7.1, EPSS 0.00175
Exploits: 0, References: 1

CVE
added 2026/06/25 1:12 p.m., 12 views

CVE-2026-56014

CVE-2026-56014 concerns the WordPress Master Slider plugin (versions <= 3.11.2) and describes an Unauthenticated Cross Site Scripting (XSS) vulnerability. The connected sources confirm the affected product and version range and indicate that exploitation is possible without authentication, wit...

CVSS 7.1, AI score 5.8, EPSS 0.00175
Exploits: 0, References: 1

EUVD
added 2026/06/25 1:12 p.m., 4 views

EUVD-2026-39377

Unauthenticated Cross Site Scripting XSS in Master Slider <= 3.11.2 versions...

CVSS 7.1, AI score 5.8, EPSS 0.00175
Exploits: 0, References: 1

Positive Technologies
added 2026/06/25 12:00 a.m., 8 views

PT-2026-52428

Name of the Vulnerable Software and Affected Versions Master Slider versions prior to 3.11.3 Description An unauthenticated cross-site scripting XSS flaw exists in the web-facing input handling. The issue stems from improper input validation and output encoding, which allows attacker-supplied...

CVSS 7.1, AI score 5.6, EPSS 0.00175
Exploits: 0, References: 6

Positive Technologies
added 2026/06/25 12:00 a.m., 7 views

PT-2026-52582

Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, References: 3