Lucene search
K

4331 matches found

CVE
CVE
added 2026/03/05 7:30 a.m.12 views

CVE-2026-1321

The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...

8.1CVSS6AI score0.0035EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/05 7:6 a.m.5 views

WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability

WordPress Membership plugin - Restrict Content plugin = 3.2.20 - Unauthenticated Privilege Escalation via 'rcplevel' vulnerability discovered by shark3y in WordPress Plugin Restrict Content versions = 3.2.20...

8.1CVSS5.9AI score0.0035EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/02 10:43 p.m.15 views

GHSA-47Q7-97XP-M272 OpenClaw: Config writes could persist resolved ${VAR} secrets to disk

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

6.9CVSS5.9AI score0.00284EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/26 3:14 p.m.8 views

EUVD-2026-8780

Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter...

7.2CVSS5.7AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:22 a.m.8 views

CVE-2026-27799

A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...

4.4CVSS5.7AI score0.00123EPSS
Exploits0References6
NVD
NVD
added 2026/02/26 12:16 a.m.7 views

CVE-2026-26186

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

8.8CVSS0.00301EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/25 9:23 p.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...

9.9CVSS6.3AI score0.00596EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/24 6:11 a.m.39 views

CVE-2026-25982

A flaw was found in ImageMagick, a software suite for image manipulation. When processing specially crafted DICOM Digital Imaging and Communications in Medicine files, a vulnerability allows the software to read beyond its intended memory boundaries. This can lead to a Denial of Service, causing...

6.5CVSS5.5AI score0.0034EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/23 10:34 p.m.4 views

CVE-2026-21665

The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...

7.7CVSS6.2AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.7 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4CVSS5.7AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 6:16 a.m.6 views

CVE-2026-1304

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4CVSS0.00308EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/02/18 5:29 a.m.2 views

CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4CVSS5.7AI score0.00308EPSS
Exploits0References12
CVE
CVE
added 2026/02/18 5:29 a.m.12 views

CVE-2026-1304

CVE-2026-1304 concerns the WordPress plugin “Membership Plugin – Restrict Content for WordPress.” The issue is a Stored Cross-Site Scripting (Stored XSS) in multiple invoice settings fields across all versions up to 3.2.18, caused by insufficient input sanitization and output escaping. The vulner...

4.4CVSS5.7AI score0.00308EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/02/18 5:29 a.m.30 views

CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.4CVSS0.00308EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/02/17 11:52 p.m.6 views

WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.18 - Authenticated Administrator+ Stored Cross-Site Scripting via Invoice Settings vulnerability discovered by Miguel Santareno in WordPress Plugin Restrict Content versions = 3.2.18...

4.4CVSS5.5AI score0.00308EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20264

Name of the Vulnerable Software and Affected Versions jizhicms version 2.5.6 Description The software contains a SQL Injection issue in the 'Article/deleteAll' and 'Extmolds/deleteAll' functionalities. The issue is triggered through the data parameter. Recommendations Update to a newer version th...

7.2CVSS5.8AI score0.00311EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.2 views

CVE-2026-20680

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data...

6.5CVSS5.8AI score0.00123EPSS
Exploits0References1
ICS
ICS
added 2026/02/10 8:0 a.m.4 views

Schneider Electric SCADAPack and RemoteConnect

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

6.1AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.13 views

PT-2026-7003

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...

9.8CVSS5.4AI score0.00391EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.12 views

PT-2026-6705

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...

9.8CVSS5.7AI score0.00326EPSS
Exploits1References9
Rows per page
Query Builder