2818 matches found
EUVD-2026-37676
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2025-69170
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
EUVD-2026-37690
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2025-210266
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
CVE-2026-46884
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attac...
CVE-2026-46857
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Oracle Management Service. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2026-46855
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
CVE-2026-46832
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Discovery Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise...
CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...
CVE-2026-48055
Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...
EUVD-2026-37060
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...
EUVD-2026-36972
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-49083 WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-49083
Summary: CVE-2026-49083 affects the WordPress LatePoint plugin and is a privilege-escalation vulnerability in versions ≤ 5.5.1. What’s affected: WordPress LatePoint plugin (versions up to and including 5.5.1). Impact (as per provided metrics): CVSS 3.1 base score 7.5 (High), with network attack v...
EUVD-2026-36871
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
EUVD-2026-36866
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...