Lucene search
K

225304 matches found

CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

ConnectWise Automate Agent 安全漏洞

ConnectWise Automate Agent is a remote monitoring and management software developed by the American company ConnectWise. There is a security vulnerability in ConnectWise Automate Agent, which stems from an incomplete verification of component authenticity. This vulnerability may affect plugin...

8.8CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

WordPress plugin GSheet For Woo Importer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 7:38 p.m.7 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

8.3CVSS6AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 7:38 p.m.39 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

8.3CVSS0.00344EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 7:38 p.m.20 views

CVE-2026-9133

CVE-2026-9133 affects the rabbitmq-aws plugin’s ARN resolver. Active debug code enables a debug ARN scheme (arn:aws-debug:file) that is accepted by PUT /api/aws/arn/validate, allowing remote authenticated users to perform arbitrary file reads on files accessible to the RabbitMQ process. This issu...

8.3CVSS6AI score0.00344EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.9 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
Patchstack
Patchstack
added 2026/05/20 6:17 p.m.11 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/20 6:0 p.m.29 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:0 p.m.16 views

CVE-2026-45444

CVE-2026-45444 describes an arbitrary file upload vulnerability in the WordPress plugin Gift Cards For WooCommerce Pro (WP Swings Gift Cards For WooCommerce Pro) up to version 4.2.6. The issue is triggered by uploading a file of an unrestricted/ dangerous type, potentially enabling the attacker t...

10CVSS5.8AI score0.00282EPSS
In wildExploits0References1
NVD
NVD
added 2026/05/20 5:16 p.m.11 views

CVE-2026-7613

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 4:57 p.m.6 views

CLSA-2026-1779296233 sos: Fix of CVE-2022-2806

CVE-2022-2806: ovirt plugin: filter out all password keys in answer files...

5.5CVSS5.8AI score0.00233EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:27 p.m.8 views

CVE-2026-7613

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 4:27 p.m.36 views

CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 4:27 p.m.8 views

CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 4:27 p.m.18 views

CVE-2026-7613

CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 4:27 p.m.9 views

EUVD-2026-31126

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/20 1:37 p.m.8 views

WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 1:15 p.m.10 views

WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability

Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder