Lucene search
K

243 matches found

Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.13 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41265

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.44 views

CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57642

Contributor SQL Injection in Gallery = 4.7.8 versions...

8.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39757

Contributor SQL Injection in Gallery = 4.7.8 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.6 views

WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/24 6:0 a.m.9 views

CVE-2026-9709

The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37630

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-54185

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.32 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.16 views

CVE-2026-49113

The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...

8.5CVSS5.3AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48874

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.17 views

CVE-2026-49068

The CVE concerns the WordPress Coupon Affiliates plugin (versions

7.5CVSS5.2AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-36867

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

4.7CVSS5.2AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49421

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS5.2AI score0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:21 p.m.30 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS0.00291EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/10 2:37 p.m.10 views

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...

4.7CVSS5.3AI score0.00116EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/09 12:45 p.m.9 views

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions = 7.8.1...

7.5CVSS5.5AI score0.00386EPSS
Exploits0Affected Software1
Rows per page
Query Builder