Lucene search
K

105483 matches found

CVE
CVE
added 2026/05/13 4:26 a.m.28 views

CVE-2026-7051

The CVE-2026-7051 entry concerns the Blog2Social WordPress plugin (versions up to 8.9.0) with a Missing Authorization issue. The root cause is missing blog_user_id constraints in B2S_Post_Tools::deleteUserPublishPost() and deleteUserSchedPost(), allowing an authenticated subscriber+ to delete oth...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.7 views

CVE-2026-6828

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/13 4:26 a.m.8 views

EUVD-2026-29900

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/13 4:26 a.m.37 views

CVE-2026-7619 Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00281EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/13 2:8 a.m.20 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/13 12:48 a.m.18 views

EUVD-2026-29871

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

7.5CVSS5.9AI score0.00273EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 12:48 a.m.29 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40619

Joomla com hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40627

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40598

Name of the Vulnerable Software and Affected Versions ELECOM wireless LAN access point devices affected versions not specified Description An OS command injection exists in the processing of the username parameter. This allows an unauthenticated attacker to execute arbitrary OS commands by sendin...

9.8CVSS7.5AI score0.01633EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40809

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS5.9AI score0.0054EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

JupyterLab 参数注入漏洞

JupyterLab is an open-source extension for interactive and reproducible computing environments, based on Jupyter Notebooks and their architecture. Versions 4.0.0 to 4.5.6 of JupyterLab contain a parameter injection vulnerability. This vulnerability arises from improper execution of the allowlist...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Joomla com_fabrik 路径遍历漏洞

Joomla comfabrik is an extension developed by the Fabrik team, designed for building data forms, database applications, and business processes for Joomla websites. Version 3.9.11 of Joomla comfabrik contains a path traversal vulnerability. This vulnerability stems from directory traversal issues,...

8.7CVSS5.9AI score0.00716EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40600

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Deciso OPNsense 参数注入漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained a parameter injection vulnerability. This vulnerability stemmed from the XMLRPC method opnsense.restoreconfigsection, which failed to clean up the...

9.1CVSS6.1AI score0.00686EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40594

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get content' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin ProfileGrid SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Flight 跨站脚本漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...

8.6CVSS5.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. Qihang-WMS has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysDeptMapper.xml file. It may allow...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder