Lucene search
K

5694 matches found

OSV
OSV
added 2026/07/06 6:27 a.m.4 views

OESA-2026-2840 nilfs-utils security update

Userspace utilities for creating and mounting NILFS v2 filesystems. Security Fixes: NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images...

6.7CVSS5.9AI score0.00105EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 2:16 a.m.7 views

CVE-2026-12920

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 1:28 a.m.20 views

CVE-2026-12920

The vulnerability affects the WordPress plugin GDPR Cookie Consent (WPLP Cookie Consent) for all versions up to and including 4.3.5. It is a generic SQL Injection via the 's' parameter caused by insufficient escaping and lack of proper SQL query preparation. Validated impact: authenticated attack...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.38 views

CVE-2026-12920 Cookie Banner for GDPR / CCPA <= 4.3.5 - Authenticated (Administrator+) SQL Injection via 's' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55443

Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...

4.9CVSS6AI score0.00301EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41272

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 9:32 a.m.17 views

CVE-2026-13251

The CVE-2026-13251 entry concerns the WordPress Perfmatters plugin (

7.5CVSS5.9AI score0.0082EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 10:16 a.m.10 views

CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 8:30 a.m.6 views

EUVD-2026-40938

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 8:30 a.m.16 views

CVE-2026-13454

CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (

6.5CVSS5.8AI score0.00361EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/26 12:32 p.m.33 views

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.19.0...

5.4CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 8:28 a.m.7 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability

Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 6:16 p.m.12 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:35 p.m.6 views

EUVD-2026-39480

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 12:46 p.m.14 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.8AI score0.02719EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49898

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. A low privileged attacker with network access via HTTPS can...

7.6CVSS5.9AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.25 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

7.5CVSS5.5AI score0.0051EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48469

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.2 Erlang OTP versions 29.x prior to 29.0.2 erl interface versions 3.7.16 through 5.5.2.0 erl interface versions 5.7.x prior to 5.7.0.1 erl interface versions...

6.9CVSS6.3AI score0.00136EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/09 12:20 a.m.39 views

CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34264

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

6.5CVSS5.4AI score0.00269EPSS
Exploits0References1
Rows per page
Query Builder