Lucene search
K

7874 matches found

CVE
CVE
added 4 hours ago4 views

CVE-2026-57390

Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extra Product Options Builder for WooCommerce: from n/a through =...

6.5CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago79 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
Nuclei
Nuclei
added 8 hours ago9 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS6.1AI score0.34734EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago12 views

WordPress Image Hover Ultimate - Unauthenticated Settings Update

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...

9.8CVSS7AI score0.0674EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago11 views

Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...

9.8CVSS7AI score0.26076EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago10 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

7.5CVSS7.1AI score0.03518EPSS
Exploits1References4
Nuclei
Nuclei
added 8 hours ago69 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

5.3CVSS6.3AI score0.02076EPSS
Exploits2References2
Nuclei
Nuclei
added 8 hours ago12 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7AI score0.00568EPSS
Exploits1References1
Nuclei
Nuclei
added 8 hours ago29 views

ND Booking < 2.5 - Unauthenticated Options Change

The Hotel Booking WordPress plugin ND Booking 2.5 was affected by an Unauthenticated Options Change security vulnerability. id: CVE-2019-15774 info: name: ND Booking 2.5 - Unauthenticated Options Change author: popcorn94 severity: medium description: | The Hotel Booking WordPress plugin ND Bookin...

6.1CVSS6.4AI score0.01731EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago43 views

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.5AI score0.03111EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago145 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.4AI score0.59844EPSS
Exploits2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43166

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolvesetOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-leve...

8.8CVSS6.2AI score0.00308EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-7559

Technical details beyond what is in the Initial Description are not publicly provided in the connected documents. Monitor for updates to affected versions, remediation status, and exploit information.

4.3CVSS6.1AI score0.00304EPSS
Exploits0References12
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43119

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References8
CVE
CVE
added 2 days ago9 views

CVE-2026-8678

The CVE-2026-8678 entry concerns the WordPress MyParcel plugin and its versions up to 4.25.1. Affected component: the MyParcel plugin (WordPress). Root cause: missing authorization verification for certain AJAX actions (wcmp_get_shipment_options and wcmp_save_shipment_options). Impact: authentica...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References8
Metasploit
Metasploit
added 3 days ago13 views

FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/dllinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and se...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago10 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and set...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago9 views

FTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)

Fetch and execute a x86 payload from an FTP server. Spawn a command shell staged. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/ftp/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

6.2AI score
Exploits0
CVE
CVE
added 3 days ago8 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-59721

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
Rows per page
Query Builder