121662 matches found

Cvelist
added 2026/04/22 7:45 a.m. · 25 views

CVE-2026-6396 Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action

The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields function, which handles the fff_save_settins AJAX action. This makes it possible for unauthenticated...

4.3 CVSS · 0.0018 EPSS
Exploits 0 · References 5

CVE
added 2026/04/22 7:45 a.m. · 11 views

CVE-2026-4140

The Ni WooCommerce Order Export WordPress plugin (≤ version 3.1.6) is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ni_order_export_action() AJAX handler. When the page parameter is 'nioe-order-settings', Ni_Order_Setting::page_ajax() calls update_option('ni_orde...

4.3 CVSS · 5.6 AI score · 0.00156 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2026/04/22 7:45 a.m. · 2 views

CVE-2026-4280

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

6.5 CVSS · 5.8 AI score · 0.00814 EPSS
Exploits 0 · References 8

Cvelist
added 2026/04/22 7:45 a.m. · 29 views

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

4.3 CVSS · 0.00156 EPSS
Exploits 0 · References 5

CVE
added 2026/04/22 7:45 a.m. · 13 views

CVE-2026-4133

The TextP2P Texting Widget WordPress plugin (versions ≤ 1.7) is vulnerable to Cross-Site Request Forgery due to missing nonce validation in imTextP2POptionPage(). The settings form (line 314) lacks wp_nonce_field(), and the POST handler (line 7) does not call check_admin_referer() or wp_verify_no...

4.3 CVSS · 5.7 AI score · 0.00156 EPSS
Exploits 0 · References 5

Cvelist
added 2026/04/22 7:45 a.m. · 25 views

CVE-2026-4133 TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage function which processes settings updates. The form at line 314 does not include a wp_nonce_field,...

4.3 CVSS · 0.00156 EPSS
Exploits 0 · References 5

Vulnrichment
added 2026/04/22 7:45 a.m. · 3 views

CVE-2026-4140 Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action AJAX handler function. The handler processes settings updates when the 'page' parameter is...

4.3 CVSS · 5.6 AI score · 0.00156 EPSS
Exploits 0 · References 5

Vulnrichment
added 2026/04/22 7:45 a.m. · 3 views

CVE-2026-4131 WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_referer). Thi...

6.1 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits 0 · References 11

ATTACKERKB
added 2026/04/22 7:45 a.m. · 2 views

CVE-2026-4131

The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_referer). Thi...

6.1 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits 0 · References 12

RedhatCVE
added 2026/04/22 1:22 a.m. · 4 views

CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The load_image function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5 CVSS · 5.9 AI score · 0.4525 EPSS
Exploits 2 · References 1

NVD
added 2026/04/22 12:16 a.m. · 6 views

CVE-2026-40343

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

6.9 CVSS · 0.09955 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/04/22 12:00 a.m. · 7 views

PT-2026-34338

Name of the Vulnerable Software and Affected Versions: Raindrop.io Bookmark Manager Web App version 5.6.76.0. Description: Insufficient validation of Chrome extension identifiers allows attackers to obtain sensitive user data through a crafted request. Recommendations: At the moment, there is no...

6.5 CVSS · 5.8 AI score · 0.00281 EPSS
Exploits 0 · References 7

Positive Technologies
added 2026/04/22 12:00 a.m. · 4 views

PT-2026-34418

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req. Syzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerabili...

5.8 AI score · 0.00252 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2026/04/22 12:00 a.m. · 3 views

CVE-2026-35548

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1; 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5 CVSS · 5.7 AI score · 0.00213 EPSS
Exploits 0 · References 3

Positive Technologies
added 2026/04/22 12:00 a.m. · 6 views

PT-2026-34310

Name of the Vulnerable Software and Affected Versions: Fast & Fancy Filter – 3F plugin for WordPress versions prior to 1.2.3. Description: Cross-Site Request Forgery occurs due to missing nonce verification in the saveFields function, which handles the 'fff_save_settins' AJAX action. This allows...

4.3 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0 · References 9

CNNVD
added 2026/04/22 12:00 a.m. · 11 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cyclic locking dependency between req_lock and the work queue in nci_close_device, potentially...

5.5 CVSS · 5.8 AI score · 0.00095 EPSS
Exploits 0 · References 1

CNNVD
added 2026/04/22 12:00 a.m. · 8 views

Jellystat SQL injection vulnerability

Jellystat is a free and open-source statistical application developed by Thegan Govender as an individual project. Versions of Jellystat prior to 1.1.10 contained a SQL injection vulnerability. This vulnerability stemmed from multiple API endpoints that constructed queries by directly inserting...

9.1 CVSS · 6.2 AI score · 0.0052 EPSS
Exploits 0 · References 1

CNNVD
added 2026/04/22 12:00 a.m. · 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of hci_req_sync_lock protection in the btintel_hw_error function within the btintel driver...

7.8 CVSS · 5.8 AI score · 0.00126 EPSS
Exploits 0 · References 1

CNNVD
added 2026/04/22 12:00 a.m. · 10 views

Squidex code issue vulnerability

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 had code vulnerabilities. These vulnerabilities were caused by a server-side request forgery issue, allowing users with asset upload permissions to force the server to obtain arbitrary...

8.6 CVSS · 6 AI score · 0.00215 EPSS
Exploits 0 · References 1

Packet Storm
added 2026/04/22 12:00 a.m. · 115 views

Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

9 CVSS · 6.4 AI score · 0.01164 EPSS
Exploits 2