Lucene search
K

20070 matches found

BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
NVD
NVD
added yesterday3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00479EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00522EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57707

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57398

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57707

The CVE-2026-57707 entry concerns WordPress Plugin Simple Business Directory Pro (versions up to 15.9.4) affected by an SQL Injection vulnerability. Affected component is the Simple Business Directory Pro plugin; root cause indicated as improper neutralization of special elements used in SQL comm...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57719

CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...

10CVSS6.1AI score0.00522EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-57719 WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00522EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday4 views

gimp: gimp: Heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.6AI score0.00233EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday66 views

Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS7AI score0.01566EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday20 views

WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

9.8CVSS7.2AI score0.14775EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday79 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting

A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting XSS, enabling attackers to inject JavaScript code. The attack can be executed remote...

8.3CVSS6AI score0.055EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday98 views

Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...

7.5CVSS7AI score0.30894EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday40 views

WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. id: CVE-2024-39646 info: name: WordPress Custom 404 Pro = 3.11.1 - Reflected XSS...

7.1CVSS6.1AI score0.00624EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

9.8CVSS6.1AI score0.22334EPSS
Exploits12References2
Nuclei
Nuclei
added yesterday143 views

Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

10CVSS6.1AI score0.56209EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday40 views

WordPress Ad Inserter <2.7.10 - Cross-Site Scripting

WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...

6.1CVSS6.4AI score0.02389EPSS
Exploits2References4
Rows per page
Query Builder