Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

104858 matches found

Vulnrichment
Vulnrichmentadded 2026/05/29 1:30 p.m.10 views

CVE-2026-10061 TRENDnet TEW-432BRP formWPS command injection

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.04341EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/29 1:30 p.m.10 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.04341EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/05/29 1:30 p.m.22 views

CVE-2026-10061

CVE-2026-10061 affects TRENDnet TEW-432BRP, version 3.10B20. The vulnerability is in the function goform/formWPS, where manipulating the peerPin argument enables a remote command injection. The attack can be executed remotely and, per the sources, the exploit has been made public. TRENDnet notes ...

9.8CVSS6.3AI score0.04341EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/29 12:44 p.m.6 views

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.5CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 12:42 p.m.8 views

CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00272EPSS
Exploits0References1
CVE
CVEadded 2026/05/29 12:42 p.m.13 views

CVE-2026-44239

Affected software : FreePBX Dashboard module (Dashboard getcontent AJAX handler). Vulnerability : Prior to 16.0.22 and 17.0.5, the handler includes PHP files based on unsanitized user input, concatenating $_REQUEST['rawname'] into an include() call with a .class.php suffix. This enables path trav...

8.8CVSS6AI score0.00272EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/29 12:22 p.m.11 views

CVE-2026-32936

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS DoH GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References5
NVD
NVDadded 2026/05/29 9:16 a.m.13 views

CVE-2026-10039

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS0.00301EPSS
Exploits0References6
OSV
OSVadded 2026/05/29 8:44 a.m.6 views

BIT-JOOMLA-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
OSV
OSVadded 2026/05/29 8:44 a.m.4 views

BIT-JOOMLA-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 8:16 a.m.13 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00233EPSS
Exploits1References3
CVE
CVEadded 2026/05/29 7:46 a.m.17 views

CVE-2026-10039

The CVE-2026-10039 entry concerns the WordPress plugin Frontend Admin by DynamiApps. Affected versions up to and including 3.28.28 are vulnerable to a generic SQL Injection via the 'order' parameter due to insufficient escaping of user input and inadequate preparation of the existing SQL query. A...

4.9CVSS6AI score0.00301EPSS
Exploits0References6
EUVD
EUVDadded 2026/05/29 7:46 a.m.9 views

EUVD-2026-33259

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00301EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/29 7:46 a.m.33 views

CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS0.00301EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/05/29 7:46 a.m.6 views

CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00301EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/05/29 7:46 a.m.6 views

CVE-2026-10039

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00301EPSS
Exploits0References7
NVD
NVDadded 2026/05/29 7:16 a.m.15 views

CVE-2026-9714

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...

6.4CVSS0.00197EPSS
Exploits0References4
NVD
NVDadded 2026/05/29 7:16 a.m.13 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 6:43 a.m.7 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/29 6:43 a.m.6 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References3
Rows per page
Query Builder