Lucene search
+L

13728 matches found

nuclei
nuclei
added 10 hours ago53 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS6.1AI score0.01379EPSS
Exploits0References3
nuclei
nuclei
added 10 hours ago44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
nuclei
nuclei
added 10 hours ago59 views

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

7.5CVSS6.1AI score0.01104EPSS
Exploits0References2
nuclei
nuclei
added 10 hours ago10 views

Privacy Policy Genius - Cross-Site Scripting

Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13219...

6.1CVSS7AI score0.0056EPSS
Exploits1References2
nuclei
nuclei
added 10 hours ago12 views

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...

5.3CVSS6.1AI score0.01114EPSS
Exploits1References3
nuclei
nuclei
added 10 hours ago116 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

7.5CVSS7AI score0.1494EPSS
Exploits2References5
euvd
euvd
added 14 hours ago5 views

EUVD-2026-44874

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...

5.9CVSS6.1AI score
Exploits0References1
cve
cve
added 19 hours ago107 views

CVE-2026-48863

The CVE-2026-48863 issue is a stack-based buffer overflow in libsolv’s EdDSA verification when copying the EdDSA 's' MPI, caused by length handling. An adversary could craft an Ed25519 PGP signature with mismatched MPI lengths to trigger a denial of service in automated package/repo processing wo...

7.5CVSS6.2AI score
Exploits0References4
attackerkb
attackerkb
added 19 hours ago6 views

CVE-2026-48863

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS6.2AI score
Exploits0References4Affected Software1
cvelist
cvelist
added 19 hours ago12 views

CVE-2026-48863 Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS
Exploits0References3
cvelist
cvelist
added 3 days ago30 views

CVE-2026-12397 WP Job Portal < 2.5.5 - Subscriber+ Employer Email Disclosure via IDOR

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...

0.00162EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
cve
cve
added last week14 views

CVE-2026-49256

CVE-2026-49256 (Discourse) concerns a leakage vulnerability where restricted tag names and tag-group names attached to publicly readable categories could be exposed to anonymous/unauthorized users via category and group endpoints. Affected versions include prior to 2026.6.0, 2026.5.1, 2026.4.2, a...

7.5CVSS5.9AI score0.00373EPSS
Exploits0References5Affected Software1
patchstack
patchstack
added 2026/07/09 7:8 p.m.5 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/07/09 7:7 p.m.5 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/07/09 5:17 p.m.8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

5CVSS0.00273EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/07/09 2:57 p.m.8 views

CVE-2026-42505

A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References7
wired
wired
added 2026/07/09 1:55 p.m.8 views

A Majority of European Lawmakers Voted Against Letting Big Tech Read Our Messages. They’re Going to Anyway

Companies will once again be allowed to scan citizens’ personal texts, emails, and social media messages via the “Chat Control” bill to find child abuse material online...

5.9AI score
Exploits0
nvd
nvd
added 2026/07/09 11:16 a.m.8 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/09 9:31 a.m.32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
Rows per page
Query Builder