
Nuclei · added 10 hours ago · 13 views

WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update

Bookit WordPress plugin < 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint that allows unauthenticated updates of the Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...

CVSS 5.3 · AI score 5.8 · EPSS 0.00654
Exploits 0 · References 3

Nuclei · added 10 hours ago · 6 views

YMC Filter WordPress - Unauthenticated Post Disclosure

YMC Filter WordPress plugin 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content; the exploit requires no authentication. id: CVE-2026-10823...

CVSS 7.5 · AI score 5.8 · EPSS 0.00921
Exploits 0 · References 2

Nuclei · added 10 hours ago · 17 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

CVSS 9.1 · AI score 7.1 · EPSS 0.01713
Exploits 0 · References 2

Nuclei · added 10 hours ago · 34 views

Vite Dev Server - Path Traversal

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files whose names start with the same name as the public directory were served, bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

CVSS 5.3 · AI score 6 · EPSS 0.0118
Exploits 1 · References 2

Nuclei · added 10 hours ago · 82 views

KeyCloak - Information Exposure

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients, such as the client secret, without authentication, which could be an issue if the same PUBLIC client is changed to CONFIDENTIAL later. The highest threat from this...

CVSS 6.5 · AI score 6.5 · EPSS 0.17943
Exploits 0 · References 4

Nuclei · added 10 hours ago · 13 views

Blinko <= 1.8.3 - User Information Leak

Blinko < 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information, including usernames, roles, and account creation dates, letting remote attackers access sensitive user data; the exploit requires no special privileges. id: CVE-2026-23486 info: name:...

CVSS 6.9 · AI score 5.8 · EPSS 0.00711
Exploits 0 · References 3

Nuclei · added 10 hours ago · 157 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

CVSS 6.1 · AI score 6.5 · EPSS 0.0608
Exploits 3 · References 5

EUVD · added 12 hours ago · 3 views

EUVD-2026-41266

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 via the 'vcal' parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 14

Circl · added 12 hours ago · 3 views

CVE-2026-11578

creationtimestamp | type | source
--- | --- | ---
2026-07-02 08:30:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnmjyq3om26...

CVSS 2.7 · AI score 5.8
Exploits 0 · References 1

Circl · added 12 hours ago · 4 views

CVE-2026-11965

creationtimestamp | type | source
--- | --- | ---
2026-07-02 08:15:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnlp5dwuo2m...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

CVE · added 14 hours ago · 11 views

CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with the low-privilege Contributor role to disclose non-public content that WordPress would not otherwise expose to them,...

CVSS 2.7 · AI score 5.7
Exploits 0 · References 1

Cvelist · added 14 hours ago · 12 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with the low-privilege Contributor role to disclose non-public content that WordPress would not otherwise expose to them,...

Exploits 0 · References 1

EUVD · added 15 hours ago · 7 views

EUVD-2026-41245

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $_POST['path'] parameter and invoking it dynamically...

CVSS 7.5 · AI score 6
Exploits 0 · References 6

EUVD · added 15 hours ago · 3 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

CVSS 4.3 · AI score 5.7
Exploits 0 · References 8

Circl · added 18 hours ago · 4 views

CVE-2026-13707

creationtimestamp | type | source
--- | --- | ---
2026-07-02 02:18:47+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxqtgpwn2t
2026-07-02 06:28:45+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnfpsguj62l...

AI score 5.8
Exploits 0 · References 2

Circl · added 20 hours ago · 3 views

CVE-2026-58399

creationtimestamp | type | source
--- | --- | ---
2026-07-02 00:34:01+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmrvi6m252q...

CVSS 8.7 · AI score 5.8
Exploits 0 · References 1

Circl · added yesterday · 3 views

CVE-2026-14049

creationtimestamp | type | source
--- | --- | ---
2026-07-01 21:25:46+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmheuirk42q
2026-07-02 07:50:37+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...

CVSS 5.3 · AI score 5.8 · EPSS 0.00205
Exploits 0 · References 2

NVD · added yesterday · 5 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

CVSS 5.3
Exploits 0 · References 6

ATTACKERKB · added yesterday · 3 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 7 · Affected Software 1

EUVD · added yesterday · 3 views

EUVD-2026-41145

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 6