Lucene search
+L

151738 matches found

CVE
CVE
added 48 minutes ago4 views

CVE-2026-12705 Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS
Exploits0References1
Cvelist
Cvelist
added 48 minutes ago3 views

CVE-2026-12705 Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS
Exploits0References1
The Hacker News
The Hacker News
added 3 hours ago6 views

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the background by imitating ta...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 3 hours ago7 views

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM Guardium Unified Discovery and Classification (GUDC) container images

Summary Security vulnerabilities have been addressed in the IBM Guardium Unified Discovery and Classification GUDC container images Vulnerability Details CVEID:CVE-2025-0167 DESCRIPTION: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password use...

9.3CVSS7.2AI score0.00723EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.13.0 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision...

8.7CVSS6.3AI score0.00549EPSS
Exploits3Affected Software1
NVD
NVD
added 9 hours ago4 views

CVE-2026-15094

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 9 hours ago2 views

CVE-2026-15094

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.5AI score
Exploits0References7
Cvelist
Cvelist
added 9 hours ago9 views

CVE-2026-15094 WP Hotel Booking <= 2.3.2 - Reflected Cross-Site Scripting via 'check_in_date' Parameter

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS
Exploits0References6
EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-45143

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS6.2AI score
Exploits0References6
CVE
CVE
added 9 hours ago7 views

CVE-2026-15094

WP Hotel Booking for WordPress, version up to 2.3.2, is vulnerable to Reflected Cross-Site Scripting via the check_in_date parameter. The root cause is insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into pages executed when ...

6.1CVSS6.2AI score
Exploits0References6
NVD
NVD
added 10 hours ago7 views

CVE-2026-15349

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS
Exploits0References10
Nuclei
Nuclei
added 10 hours ago45 views

Popup Builder < 4.0.7 - SQL Injection

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection. id: CVE-2022-0228 info: name: Popup Builder 4.0.7 -...

7.2CVSS7.3AI score0.05887EPSS
Exploits2References4
Nuclei
Nuclei
added 10 hours ago46 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago14 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago79 views

WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting

WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing unauthenticated users to call...

3.5CVSS5.2AI score0.01582EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago275 views

ZoneMinder Snapshots - Command Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS7.9AI score0.80462EPSS
Exploits11References5
Nuclei
Nuclei
added 10 hours ago70 views

Cryptocurrency Widgets Pack < 2.0 - SQL Injection

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2022-4059 info: name: Cryptocurrency Widgets Pack 2.0 - SQL Injection author: r3Y3r53 severity: critical description...

9.8CVSS8.7AI score0.04756EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago42 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.5AI score0.02941EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago216 views

WordPress Perfect Survey <1.5.2 - SQL Injection

Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. id: CVE-2021-24762 info: name: WordPress Perfect Survey 1.5.2 - SQL...

9.8CVSS8.6AI score0.86896EPSS
Exploits7References4
Rows per page
Query Builder