Lucene search
K

105377 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.5 views

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.54 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS0.00269EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/13 1:27 p.m.9 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/05/13 1:27 p.m.19 views

CVE-2026-4608

CVE-2026-4608 affects the WordPress ProfileGrid – User Profiles, Groups and Communities plugin (versions up to and including 5.9.8.4). It describes a blind SQL Injection via the rid parameter, caused by insufficient escaping of user input and inadequate query preparation, allowing authenticated a...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/13 1:20 p.m.13 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References8
NVD
NVD
added 2026/05/13 1:16 p.m.12 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 1:16 p.m.12 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS0.01633EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 1:1 p.m.10 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:29 p.m.9 views

CVE-2026-3425 RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Local File Inclusion via 'path'

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 12:29 p.m.16 views

CVE-2026-3425

The vulnerability CVE-2026-3425 affects the RTMKit Addons for Elementor WordPress plugin and is exploitable via a Local File Inclusion (LFI) flaw in all versions up to 2.0.2. The issue is triggered through the path parameter of the get_content AJAX action, allowing authenticated users with Author...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 12:2 p.m.56 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:2 p.m.22 views

CVE-2026-42950

The CVE-2026-42950 entry concerns ELECOM wireless LAN access point devices where the language parameter can be given an inappropriate value. The underlying issue may cause the admin page in the user’s web browser to become broken if a logged-in user visits a malicious page. Documented impact is b...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:2 p.m.7 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software4
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.10 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS7.4AI score0.01633EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:1 p.m.37 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS0.01633EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:1 p.m.18 views

CVE-2026-42062

ELECOM wireless LAN access point devices are affected by an OS command injection in the processing of the username parameter. A crafted request can execute arbitrary OS commands with no authentication required. Affected versions are not explicitly listed in the provided documents; CVSS metrics in...

9.8CVSS7.4AI score0.01633EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:1 p.m.5 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS7.4AI score0.01633EPSS
Exploits0References3Affected Software4
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.7 views

CVE-2026-35506

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS5.9AI score0.01308EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:26 a.m.24 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:26 a.m.11 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Rows per page
Query Builder