Lucene search
+L

833 matches found

cvelist
cvelist
added 2026/03/24 4:27 a.m.35 views

CVE-2026-4662 JetEngine <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listingloadmore AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filteredquery parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass security...

7.5CVSS0.00322EPSS
Exploits0References6
cve
cve
added 2026/03/24 4:27 a.m.59 views

CVE-2026-4662

Affected software: JetEngine WordPress plugin. Vulnerability: SQL Injection via the listing_load_more AJAX action in all versions up to and including 3.8.6.1. Root cause: The filtered_query parameter is excluded from HMAC signature validation and the prepare_where_clause() in the SQL Query Builde...

7.5CVSS5.8AI score0.00322EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27331

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...

7.5CVSS5.8AI score0.00322EPSS
Exploits0References7
osv
osv
added 2026/03/05 8:16 p.m.8 views

CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes

Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/25 8:1 p.m.27 views

CVE-2026-25942 FreeRDP has global-buffer-overflow in xf_rail_server_execute_result

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexes the global errorcodenames array 7 elements, indices 0–6 with an unchecked execResult-execResult value received from the server, allowing an out-of-bounds read when the serve...

6.9CVSS0.00454EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/02/21 7:30 p.m.6 views

CVE-2025-67624

Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through = 1.1.3...

6.5CVSS5.1AI score0.00261EPSS
Exploits0References1
nvd
nvd
added 2026/02/20 4:22 p.m.5 views

CVE-2025-67624

Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through = 1.1.3...

6.5CVSS0.00261EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/20 3:46 p.m.1 views

CVE-2025-67624 WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arya Dhiratara Optimize More! Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! Images: from n/a through = 1.1.3...

6.5CVSS5.3AI score0.00261EPSS
Exploits0References1
cve
cve
added 2026/02/20 3:46 p.m.11 views

CVE-2025-67624

CVE-2025-67624 : WordPress plugin Optimize More! – Images

6.5CVSS5.1AI score0.00261EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/20 3:46 p.m.31 views

CVE-2025-67624 WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through = 1.1.3...

6.5CVSS0.00261EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/20 12:0 a.m.8 views

WordPress plugin Optimize More! – Images 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.8 views

PT-2026-21042

Name of the Vulnerable Software and Affected Versions Arya Dhiratara Optimize More! – Images versions through 1.1.3 Description The software contains a missing authorization issue, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Arya Dhiratar...

5.4AI score0.00261EPSS
Exploits0References3
thn
thn
added 2026/02/19 5:40 p.m.11 views

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...

8.8CVSS6AI score0.00803EPSS
Exploits0
fedora
fedora
added 2026/02/15 1:29 a.m.9 views

[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-6.fc42

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

8.2CVSS5.5AI score0.00339EPSS
Exploits0
fedora
fedora
added 2026/02/15 1:13 a.m.7 views

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-6.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

8.2CVSS5.5AI score0.00339EPSS
Exploits0
nessus
nessus
added 2026/02/15 12:0 a.m.6 views

Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-0b8cc86e5b)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-0b8cc86e5b advisory. nginx-mod-fancyindex: - Rebuild for 1.28.2 nginx-mod-headers-more: - Rebuild for 1.28.2 nginx-mod-brotli: - Rebuild for 1.28.2 nginx-mod-modsecurity: - Rebui...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/12 12:0 a.m.9 views

More reporting GLPI plugin SQL注入漏洞

The More Reporting GLPI plugin is an open-source report generation plugin developed by GLPI Project Plugins. Versions of the More Reporting GLPI plugin prior to 1.9.4 contained a SQL injection vulnerability, which stemmed from SQL injection issues when date fields were modified...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/11 9:27 a.m.5 views

CVE-2026-2295

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/11 9:27 a.m.30 views

CVE-2026-2295 WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...

5.3CVSS0.00325EPSS
Exploits0References3
cve
cve
added 2026/02/11 9:27 a.m.29 views

CVE-2026-2295

CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References3
Rows per page
Query Builder