Lucene search
K

105814 matches found

Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.11 views

PT-2026-47135

Name of the Vulnerable Software and Affected Versions OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions prior to 1.2.1 Description The plugin is subject to generic SQL Injection, a flaw where an attacker can interfere with the queries that an application makes to its database...

4.9CVSS5.6AI score0.00259EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.1 : python-ply (EulerOS-SA-2026-2035)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS8.6AI score0.16903EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.12.1 : python-ply (EulerOS-SA-2026-2087)

According to the versions of the python-ply packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.3AI score0.16903EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.28 views

PT-2026-47132

Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

OneDev 授权问题漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. OneDev versions 15.0.5 and earlier have...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

Mage AI 代码注入漏洞

Mage AI is an intelligent program developed by Mage OpenSource, used for building, running, and managing data pipelines. Versions of Mage AI 0.9.79 and earlier contained a code injection vulnerability. This vulnerability stemmed from the use of the query.redirecturl parameter in the useMutation...

5.3CVSS4.6AI score0.00263EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.7 views

Jinher OA SQL注入漏洞

Jinher OA is a collaborative management software developed by Jinher Company in China. Version 1.0 of Jinher OA contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter httpOID in the file nextselectplan.aspx, which may lead to SQL injection...

7.5CVSS7.5AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

Jinher OA C6 SQL注入漏洞

Jinher OA C6 is a digital office platform developed by Jinher Corporation. Jinher OA C6 has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ‘queryID’ in the file/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx, an unknown function. An attacker can exploit...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Ad Inserter – Ad Manager & AdSense Ads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.4AI score0.00225EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.7 views

WordPress plugin OptinCraft – Drag & Drop Optins & Popup Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Quiz and Survey Master SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.8AI score0.00352EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.13.1 : python-ply (EulerOS-SA-2026-2145)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.2AI score0.16903EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.19 views

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

6.5CVSS5.6AI score0.00325EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.5AI score0.16903EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.42 views

CVE-2026-6448 Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS0.00352EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.10 views

CVE-2026-6448 Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References12
CVE
CVE
added 2026/06/05 11:28 p.m.23 views

CVE-2026-6448

The CVE-2026-6448 entry concerns the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker. All versions up to 11.1.2 are listed as vulnerable to time-based blind SQL Injection via the order parameter due to insufficient escaping and improper query preparation. The issue enab...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References12
CVE
CVE
added 2026/06/05 11:28 p.m.26 views

CVE-2026-10038

The Charitable – Donation Plugin for WordPress (Charitable) up to version 1.8.11.1 is affected by an Insecure Direct Object Reference/Authorization Bypass that enables Arbitrary Attachment Deletion via the profile avatar update flow. The issue stems from save_avatar() calling wp_delete_attachment...

4.3CVSS5.6AI score0.00285EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.72 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/06/05 10:28 p.m.35 views

CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00272EPSS
Exploits0References8
Rows per page
Query Builder