Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

105210 matches found

CVE
CVEadded 2026/05/12 9:5 a.m.22 views

CVE-2026-8162

The CVE-2026-8162 entry affects multiparty (versions 4.2.3 and earlier) where a multipart/form-data request with a Content-Disposition filename* contains malformed percent-encoding. The parser calls decodeURI without a try/catch, causing a URIError to propagate as an uncaught exception and crash ...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloudadded 2026/05/12 8:23 a.m.15 views

fileId parameter reveals workflow associations in Nextcloud Approval app

None...

3.3CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/12 8:21 a.m.10 views

CVE-2026-44411

Solid Edge SE2026 is affected (versions

7.8CVSS5.9AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/12 8:20 a.m.12 views

CVE-2021-47950

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 7:48 a.m.16 views

CVE-2026-5028

The Eight Day Week Print Workflow WordPress plugin (vulnerable up to 1.2.6) is affected by a time-based blind SQL injection via the title parameter in the pp-get-articles AJAX action. Root cause: insufficient escaping and inadequate SQL query preparation. Impact: authenticated attackers with Subs...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.29 views

CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.36 views

CVE-2026-7464 WP Google Maps Integration <= 1.2 - Reflected Cross-Site Scripting via 'page' Parameter

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/12 7:48 a.m.9 views

CVE-2026-7464

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00211EPSS
Exploits0References6
CVE
CVEadded 2026/05/12 7:48 a.m.17 views

CVE-2026-7464

The CVE concerns the WordPress plugin WP Google Maps Integration (versions up to 1.2). It is vulnerable to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. The issue could allow unauthenticated attackers to cause the execution of ar...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.72 views

CVE-2026-5028 Eight Day Week Print Workflow <= 1.2.6 - Authenticated (Subscriber+) SQL Injection via 'title' Parameter

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.7 views

CVE-2026-3604 WP SEO Structured Data Schema <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_kcseo_ative_tab' Parameter

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS6AI score0.00229EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.7 views

CVE-2026-7437 AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6AI score0.00204EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.56 views

CVE-2026-7437 AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.7 views

CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References7
CVE
CVEadded 2026/05/12 7:48 a.m.11 views

CVE-2026-4301

The CVE-2026-4301 entry documents a vulnerability in the WordPress plugin Rate Star Review Vote (versions up to 1.6.4). The vwrsr_review() AJAX handler lacks proper capability checks and nonce verification, relying only on is_user_logged_in(). When form is set to 'update', an attacker-supplied ra...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.36 views

CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS0.00271EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/12 7:48 a.m.6 views

CVE-2026-4301

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/05/12 7:48 a.m.8 views

CVE-2026-6913 Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widget_area' Shortcode Attribute

The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widgetarea' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/12 7:48 a.m.6 views

CVE-2026-6808

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/12 7:48 a.m.35 views

CVE-2026-6808 Pricing Tables for WP <= 1.1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00255EPSS
Exploits0References3
Rows per page
Query Builder