Lucene search
K

225324 matches found

Vulnrichment
Vulnrichment
added 2026/05/20 8:51 a.m.7 views

CVE-2026-44933 Path Traversal in Plugin Loading in libzypp

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

8.5CVSS5.9AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 8:51 a.m.15 views

EUVD-2026-31074

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

8.5CVSS5.9AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 8:51 a.m.38 views

CVE-2026-44933 Path Traversal in Plugin Loading in libzypp

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

8.5CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 8:51 a.m.22 views

CVE-2026-44933

CVE-2026-44933 affects the libzypp component’s PluginScript during plugin loading. The vulnerability arises when a plugin is chrooted to repoManagerRoot; if the target is “/” (which is common in standard configurations or when using --root), the chroot becomes a no-op, but the traversed path can ...

8.5CVSS5.9AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 a.m.15 views

CVE-2026-6405

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS0.00168EPSS
Exploits0References7
NVD
NVD
added 2026/05/20 8:16 a.m.25 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS0.00336EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 7:16 a.m.19 views

CVE-2026-7385

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

5.8CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 7:16 a.m.11 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 7:16 a.m.7 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

6.1CVSS0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 7:16 a.m.11 views

CVE-2026-2955

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 6:46 a.m.42 views

CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 6:46 a.m.10 views

CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:46 a.m.9 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 6:46 a.m.12 views

EUVD-2026-31071

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 6:46 a.m.15 views

CVE-2026-6405

The CVE CVE-2026-6405 concerns the WordPress plugin Anomify AI – Anomaly Detection and Alerting (

4.3CVSS6AI score0.00168EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/20 6:46 a.m.13 views

EUVD-2026-31070

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS6AI score0.00168EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 6:46 a.m.44 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS0.00168EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/20 6:46 a.m.9 views

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS6AI score0.00168EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 6:0 a.m.42 views

CVE-2026-7385 Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 6:0 a.m.10 views

EUVD-2026-31067

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...

5.8CVSS5.8AI score0.00271EPSS
Exploits0References1
Rows per page
Query Builder