Lucene search
K

120 matches found

Nuclei
Nuclei
added 15 hours ago16 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS6.1AI score0.01656EPSS
Exploits2References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-41418

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-41320

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS0.00216EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

6.5CVSS6.7AI score0.013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49205

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS5.2AI score0.00116EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 6:0 a.m.7 views

CVE-2026-8071 Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

5.7AI score0.00296EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2318)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

8.2CVSS7.9AI score0.01162EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.6 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.4AI score0.00184EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.35 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

0.00184EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.4AI score0.00184EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.7 views

CVE-2026-9719 LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...

4.3CVSS5.5AI score0.00135EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-3614

The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...

8.8CVSS5.5AI score0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.7 views

CVE-2026-6702

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33112

Name of the Vulnerable Software and Affected Versions Velociraptor versions prior to 0.76.3 Description A flaw in the query plugin allows an authenticated GUI user to access all organizations using their current ACL token. By utilizing the query plugin within a notebook cell, a user with access t...

9.1CVSS5.9AI score0.00224EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

Velociraptor 安全漏洞

Velociraptor is an open-source tool developed by Velocidex, designed for querying and collecting host-based status information using the Velociraptor Query Language VQL. Versions of Velociraptor prior to 0.76.3 contained security vulnerabilities. These vulnerabilities stemmed from the query plugi...

9.1CVSS5.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These vulnerabilities stem from...

6.5CVSS5.8AI score0.00332EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS Virtualization 2.12.0 : vim (EulerOS-SA-2026-1526)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vims tar.vim plugin can allow...

4.1CVSS6.2AI score0.00731EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:50 p.m.2 views

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS6.2AI score0.00299EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23388

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe & Payp...

6AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder