
2977 matches found

Nuclei
added yesterday, 10 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

CVSS 5.3 | AI score 6.8 | EPSS 0.00909
Exploits: 0 | References: 3

Nuclei
added yesterday, 45 views

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

CVSS 6.1 | AI score 6.2 | EPSS 0.01179
Exploits: 2 | References: 4

NVD
added last week, 4 views

CVE-2026-56039

Unauthenticated Cross Site Scripting XSS in Quick Interest Slider <= 3.1.6 versions...

CVSS 7.1 | EPSS 0.0018
Exploits: 0 | References: 1

Cvelist
added last week, 31 views

CVE-2026-56039 WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quick Interest Slider <= 3.1.6 versions...

CVSS 7.1 | EPSS 0.0018
Exploits: 0 | References: 1

CVE
added last week, 9 views

CVE-2026-56039

The provided connected sources confirm a vulnerability in the WordPress Quick Interest Slider plugin, version

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

EUVD
added last week, 5 views

EUVD-2026-39701

Unauthenticated Cross Site Scripting XSS in Quick Interest Slider <= 3.1.6 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

EUVD
added 2026/06/25 1:12 p.m., 4 views

EUVD-2026-39378

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

CVSS 5.4 | AI score 5.9 | EPSS 0.00203
Exploits: 0 | References: 1

AstraLinux
added 2026/06/24 3:11 p.m., 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fixed a NULL dereference when deactivating an inactive aggregate in qfq_reset. qfq_class->leaf_qdisc->q.qlen > 0 does not imply that the class itself is active. Two qfq_class objects may point to the same leaf_qdisc. Th...

CVSS 5.5 | AI score 5.9 | EPSS 0.00118
Exploits: 0 | References: 3

Patchstack
added 2026/06/24 2:37 p.m., 5 views

WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions <= 3.1.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | Affected Software: 1

EUVD
added 2026/06/19 4:23 p.m., 27 views

EUVD-2026-38043

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVSS 7.8 | AI score 7 | EPSS 0.00273
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300 – ensure that the data length is within the supported range. An explicit check for the transfer length should be added to ‘rtl9300_i2c_config_xfer’ to ensure that the data length is not within the supported range. In...

CVSS 5.5 | AI score 5.3 | EPSS 0.00119
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/15 9:57 a.m., 9 views

CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

CVSS 7.5 | AI score 6.2 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2026/06/15 9:57 a.m., 12 views

EUVD-2026-36703

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

CVSS 7.5 | AI score 6.2 | EPSS 0.00235
Exploits: 0 | References: 2

CVE
added 2026/06/15 9:57 a.m., 21 views

CVE-2026-11860

CVE-2026-11860 affects Quick.CMS. The issue is insecure deserialization of user-controlled data over plaintext HTTP, allowing an attacker to tamper with serialized payloads and trigger gadget chains that enable arbitrary code execution when an administrator accesses the admin panel. The root cause is ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00235
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/11 12:00 a.m., 9 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory. It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt...

CVSS 8.7 | AI score 5.6 | EPSS 0.00273
Exploits: 0 | References: 2

NVD
added 2026/06/10 10:17 p.m., 10 views

CVE-2026-53634

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

CVSS 4.3 | EPSS 0.00213
Exploits: 0 | References: 4

Snyk
added 2026/06/10 10:15 p.m., 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the create and store functions in ApiEntityListQuickCreationCommandController.php. A user can create or submit new records on the Quick Creation Command endpoint for any entity with Quick Creation Command...

CVSS 5.4 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 2

CVE
added 2026/06/10 8:03 p.m., 18 views

CVE-2026-53634

The CVE concerns Sharp (Laravel package) where the Quick Creation Command endpoints (create and store) from version 9.0.0 up to just before 9.22.3 failed to enforce authorization checks. An authenticated Sharp user lacking create permission on a target entity could access the creation form or sub...

CVSS 4.3 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 4

Cvelist
added 2026/06/10 8:03 p.m., 29 views

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

CVSS 4.3 | EPSS 0.00213
Exploits: 0 | References: 4

Vulnrichment
added 2026/06/10 8:03 p.m., 9 views

CVE-2026-53634 Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

CVSS 4.3 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 4