Lucene search

105361 matches found

NVD
added 2026/05/05 2:16 p.m., 28 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS: 7.5 | EPSS: 0.00294
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/05 1:27 p.m., 6 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00294
Exploits: 0 | References: 3

Cvelist
added 2026/05/05 1:27 p.m., 50 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS: 7.5 | EPSS: 0.00294
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/05 1:27 p.m., 5 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00294
Exploits: 0 | References: 4

CVE
added 2026/05/05 1:27 p.m., 23 views

CVE-2026-4304

The CVE-2026-4304 entry concerns the WeePie Cookie Allow plugin for WordPress. Affected component: the plugin, throughout all versions up to and including 3.4.11. Root cause: insufficient escaping of the user-supplied consent parameter and lack of proper preparation in the SQL query, enabling SQL...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00294
Exploits: 0 | References: 3

NVD
added 2026/05/05 1:16 p.m., 10 views

CVE-2026-7833

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

CVSS: 8.6 | EPSS: 0.02336
Exploits: 0 | References: 4

EUVD
added 2026/05/05 12:31 p.m., 9 views

EUVD-2023-60570

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00537
Exploits: 1 | References: 5

ATTACKERKB
added 2026/05/05 12:30 p.m., 3 views

CVE-2026-7833

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.02336
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/05/05 12:30 p.m., 38 views

CVE-2026-7833 EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

CVSS: 8.6 | EPSS: 0.02336
Exploits: 0 | References: 4

NVD
added 2026/05/05 12:16 p.m., 14 views

CVE-2026-43567

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVSS: 7.1 | EPSS: 0.0022
Exploits: 0 | References: 3

EUVD
added 2026/05/05 11:25 a.m., 7 views

EUVD-2026-27285

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0022
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/05 11:25 a.m., 7 views

CVE-2026-43567

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0022
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/05 11:25 a.m., 4 views

CVE-2026-43567 OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0022
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/05 11:24 a.m., 5 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00347
Exploits: 0 | References: 3

Cvelist
added 2026/05/05 11:24 a.m., 51 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

CVSS: 8.8 | EPSS: 0.00347
Exploits: 0 | References: 3

RedHat Linux
added 2026/05/05 11:18 a.m., 7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00308
Exploits: 0 | References: 7

RedhatCVE
added 2026/05/05 11:17 a.m., 12 views

CVE-2026-6994

A flaw was found in Envoy. A remote attacker could exploit a weakness in the Query Parameter Handler component, specifically within the params.add function. This vulnerability allows for injection, which may lead to limited impacts on the confidentiality, integrity, and availability of the affect...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00228
Exploits: 0 | References: 8

EUVD
added 2026/05/05 9:31 a.m., 6 views

EUVD-2026-27240

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00358
Exploits: 1 | References: 3

NVD
added 2026/05/05 9:16 a.m., 9 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 7.5 | EPSS: 0.00358
Exploits: 1 | References: 2

ATTACKERKB
added 2026/05/05 7:42 a.m., 3 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00358
Exploits: 1 | References: 3