Lucene search
K

126306 matches found

CVE
CVE
added 1 hour ago7 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-57753 WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-57347 WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added 3 hours ago19 views

AntD Admin - Sensitive Information Disclosure

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...

7.5CVSS7.1AI score0.04418EPSS
Exploits1References3
Nuclei
Nuclei
added 3 hours ago11 views

HT Mega < 3.0.7 - Sensitive Information Disclosure

The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...

5.3CVSS5.8AI score0.00742EPSS
Exploits1References2
Nuclei
Nuclei
added 3 hours ago13 views

PraisonAI AgentOS - Information Disclosure

PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...

7.3CVSS7.4AI score0.26799EPSS
Exploits4
Nuclei
Nuclei
added 3 hours ago17 views

WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...

7.5CVSS7.1AI score0.01437EPSS
Exploits0References1
Nuclei
Nuclei
added 3 hours ago20 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS5.8AI score0.01175EPSS
Exploits0References2
Nuclei
Nuclei
added 3 hours ago11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS5.8AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added 3 hours ago22 views

Trinity Audio <= 5.21.0 - Information Exposure

The Trinity Audio Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

5.3CVSS5.8AI score0.00951EPSS
Exploits1References2
Nuclei
Nuclei
added 3 hours ago13 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
added 3 hours ago17 views

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

5.3CVSS6AI score0.01608EPSS
Exploits1References2
Nuclei
Nuclei
added 3 hours ago14 views

Scoold < 1.64.0 - Authentication Bypass

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

8.7CVSS5.7AI score0.01008EPSS
Exploits0References3
Nuclei
Nuclei
added 3 hours ago30 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7.3AI score0.01549EPSS
Exploits0References2
Nuclei
Nuclei
added 3 hours ago13 views

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

8.2CVSS7AI score0.01923EPSS
Exploits0References4
Nuclei
Nuclei
added 3 hours ago23 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...

7.5CVSS5.8AI score0.01923EPSS
Exploits1References3
Nuclei
Nuclei
added 3 hours ago23 views

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS8.1AI score0.03111EPSS
Exploits0References3
Nuclei
Nuclei
added 3 hours ago19 views

DATAGERRY - Improper Access Control

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. id: CVE-2024-50967 info: name: DATAGERRY -...

6.5CVSS5.8AI score0.01616EPSS
Exploits0References3
Nuclei
Nuclei
added 3 hours ago18 views

WordPress Events Manager <= 7.0.3 - SQL Injection

The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.8AI score0.55683EPSS
Exploits2References4
Nuclei
Nuclei
added 3 hours ago98 views

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS8.1AI score0.15043EPSS
Exploits1References4
Rows per page
Query Builder