Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33616 matches found

RedhatCVE
RedhatCVEadded 6 days ago12 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 6 days ago11 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 6 days ago6 views

CVE-2026-11152

An object lifecycle issue flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501762953...

9.6CVSS5.4AI score0.00073EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 6 days ago6 views

CVE-2026-11036

An inappropriate implementation flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497964917...

9.3CVSS5.4AI score0.00011EPSS
Exploits0References5
SUSE CVE
SUSE CVEadded 6 days ago5 views

SUSE CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00073EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 6 days ago8 views

CVE-2026-10038

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

4.3CVSS5.6AI score0.00045EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 6 days ago10 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00523EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week8 views

CVE-2026-11369

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

7.1CVSS5.6AI score0.00043EPSS
Exploits0References1
NVD
NVDadded 2026/06/06 5:16 a.m.9 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00034EPSS
Exploits0References8
NVD
NVDadded 2026/06/06 4:17 a.m.9 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS0.00197EPSS
Exploits0References8
EUVD
EUVDadded 2026/06/06 3:28 a.m.10 views

EUVD-2026-34958

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00034EPSS
Exploits0References8
CVE
CVEadded 2026/06/06 3:28 a.m.15 views

CVE-2026-8611

The Klamra Paycal for Aspaclaria WordPress plugin is vulnerable to Insecure Direct Object Reference through the invoice_id parameter in versions up to 1.1.4, caused by missing validation on a user-controlled key. Authenticated users with subscriber-level access and higher can enumerate post IDs t...

4.3CVSS5.6AI score0.00034EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/06/06 3:28 a.m.35 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00034EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/06 3:28 a.m.5 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00034EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/06/06 2:28 a.m.6 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/06/06 2:28 a.m.38 views

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS0.00197EPSS
Exploits0References8
EUVD
EUVDadded 2026/06/06 2:28 a.m.9 views

EUVD-2026-34947

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/06 2:28 a.m.8 views

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References8
CVE
CVEadded 2026/06/06 2:28 a.m.16 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool (WordPress) is affected by a PHP Object Injection in versions up to and including 4.1.4. The issue arises from deserialization of untrusted input via a WXR XML file upload, and requires authenticated access with administrator-level privileges or higher. If...

6.6CVSS5.9AI score0.00197EPSS
Exploits0References8
EUVD
EUVDadded 2026/06/06 12:31 a.m.6 views

EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00523EPSS
Exploits0References11
Rows per page
Query Builder