Lucene search
K

225155 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42728

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00249EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42734

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map meta cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016678 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin...

6.5CVSS6.9AI score0.02359EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/21 10:45 p.m.85 views

Exploit for CVE-2026-5118

Divi Form Builder ⚠️ WARNING: This tool is for authorized p...

9.8CVSS5.9AI score0.00487EPSS
Exploits4
NVD
NVD
added 2026/05/21 10:16 p.m.13 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.1CVSS0.00196EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/21 10:16 p.m.13 views

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 10:16 p.m.3 views

UBUNTU-CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/21 9:27 p.m.32 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
CVE
CVE
added 2026/05/21 9:27 p.m.21 views

CVE-2026-6960

BookingPress Pro (WordPress) is affected by CVE-2026-6960 due to missing file type validation in the function bookingpress_validate_submitted_booking_form_func, affecting all versions up to and including 5.6. The vulnerability enables arbitrary file uploads on the affected site’s server and could...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:27 p.m.9 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:27 p.m.8 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:7 p.m.9 views

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.8AI score0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 9:7 p.m.28 views

CVE-2026-5091 Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 9:7 p.m.19 views

CVE-2026-5091

CVE-2026-5091 affects Catalyst::Plugin::Authentication up to version 0.10024 for Perl. The issue is a timing-attack vulnerability arising from using Perl’s built-in eq comparison, enabling an attacker with local access to distinguish timing differences and potentially infer the underlying hash or...

5.1CVSS5.8AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 9:7 p.m.7 views

CVE-2026-5091 Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.8AI score0.00196EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.12 views

NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.5 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 7:29 p.m.14 views

EUVD-2026-31333

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 7:29 p.m.21 views

CVE-2026-4843

The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
Rows per page
Query Builder