225318 matches found

Vulnrichment
added 2026/05/20 12:13 p.m. | 10 views

CVE-2026-27424 WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVSS 4.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/20 12:13 p.m. | 14 views

CVE-2026-27424

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVSS 4.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 2

EUVD
added 2026/05/20 12:13 p.m. | 13 views

EUVD-2026-31095

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVSS 4.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 1

Patchstack
added 2026/05/20 12:12 p.m. | 10 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.11...

CVSS 4.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | Affected Software: 1

OSSF Malicious Packages
added 2026/05/20 10:51 a.m. | 11 views

Malicious code in @spcsn/taro-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...

AI score 6.1
Exploits: 0 | References: 1

OSV
added 2026/05/20 10:51 a.m. | 11 views

MAL-2026-4447 Malicious code in @spcsn/taro-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e2baba3a5166ecf1196146e1b2a8771836b25bd7f8d56979e3e277a3de9625 The package's postinstall script probes https://taro.jd.com/ and then invokes its own CLI to run npm install...

AI score 6.1
Exploits: 0 | References: 1

NVD
added 2026/05/20 10:16 a.m. | 8 views

CVE-2026-6728

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVSS 5.3 | EPSS 0.00332
Exploits: 0 | References: 2

UbuntuCve
added 2026/05/20 10:16 a.m. | 14 views

CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 2

OSV
added 2026/05/20 10:16 a.m. | 9 views

UBUNTU-CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 3

EUVD
added 2026/05/20 9:28 a.m. | 12 views

EUVD-2026-31089

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVSS 5.3 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 2

Cvelist
added 2026/05/20 9:28 a.m. | 71 views

CVE-2026-6728 Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVSS 5.3 | EPSS 0.00332
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/20 9:28 a.m. | 12 views

CVE-2026-6728

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVSS 5.3 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/05/20 9:28 a.m. | 27 views

CVE-2026-6728

The CVE concerns the WordPress Slider Revolution plugin (up to version 7.0.9). Affected component: get_stream_data() in sliders/stream, enabling unauthenticated attackers to exfiltrate sensitive content, including published password-protected posts, pages, and products. Root cause: Sensitive Info...

CVSS 5.3 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 2

Cvelist
added 2026/05/20 8:51 a.m. | 37 views

CVE-2026-44933 Path Traversal in Plugin Loading in libzypp

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | EPSS 0.00214
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/20 8:51 a.m. | 8 views

CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2026/05/20 8:51 a.m. | 21 views

CVE-2026-44933

CVE-2026-44933 affects the libzypp component’s PluginScript during plugin loading. The vulnerability arises when a plugin is chrooted to repoManagerRoot; if the target is “/” (which is common in standard configurations or when using --root), the chroot becomes a no-op, but the traversed path can ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/20 8:51 a.m. | 7 views

CVE-2026-44933 Path Traversal in Plugin Loading in libzypp

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 1

EUVD
added 2026/05/20 8:51 a.m. | 15 views

EUVD-2026-31074

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

CVSS 8.5 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 1

NVD
added 2026/05/20 8:16 a.m. | 15 views

CVE-2026-6405

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

CVSS 4.3 | EPSS 0.00168
Exploits: 0 | References: 7

NVD
added 2026/05/20 8:16 a.m. | 25 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

CVSS 8.8 | EPSS 0.00336
Exploits: 0 | References: 2