Lucene search
K

536554 matches found

EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42782

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42785

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the importmediafilesecure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension...

7.2CVSS6.6AI score
Exploits0References8
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42793

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score
Exploits0References11
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42795

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42779

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS6.6AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42783

A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...

5.3CVSS5.6AI score
Exploits0References8
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42794

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score
Exploits0References6
NVD
NVD
added 3 hours ago7 views

CVE-2026-15331

A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...

5.5CVSS
Exploits0References9
NVD
NVD
added 3 hours ago6 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
NVD
NVD
added 3 hours ago4 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS
Exploits0References9
NVD
NVD
added 3 hours ago6 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS
Exploits0References4
NVD
NVD
added 3 hours ago4 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS
Exploits0References5
NVD
NVD
added 3 hours ago4 views

CVE-2026-15286

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS
Exploits0References4
NVD
NVD
added 3 hours ago4 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS
Exploits0References10
NVD
NVD
added 3 hours ago4 views

CVE-2026-15282

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS
Exploits0References4
CVE
CVE
added 4 hours ago5 views

CVE-2026-15332

Technical details about CVE-2026-15332 are not publicly available in the provided documents; monitor for updates.

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added 4 hours ago4 views

CVE-2026-15332 zhayujie CowAgent Message Endpoint channel.py authorization

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
Rows per page
Query Builder