Lucene search
K

89 matches found

EUVD
EUVD
added 5 days ago4 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
Patchstack
Patchstack
added 6 days ago5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3208

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

5.3CVSS5.7AI score0.00499EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.7 views

CVE-2026-46597 affecting package cf-cli for versions less than 8.7.11-6

CVE-2026-46597 affecting package cf-cli for versions less than 8.7.11-6. A patched version of the package is available...

7.5CVSS5.8AI score0.00359EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.43 views

Linux Distros Unpatched Vulnerability : CVE-2023-2905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...

8.8CVSS6AI score0.01014EPSS
Exploits1References2
HackRead
HackRead
added 2026/04/27 4:44 p.m.5 views

ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/14 10:31 p.m.7 views

GHSA-F24X-5G9Q-753F OAuth2 Proxy's session cookies are not cleared when rendering sign-in page

Impact A regression introduced in v7.11.0 is preventing OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. This only impacts deployments that rely on the sign-in page as part of their logout flow. In those setups, a user may be shown the sign-in page while the existing...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/14 10:10 p.m.2 views

CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.8AI score0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 6:4 a.m.8 views

CVE-2026-4755 CWE-20 in MolotovCherry Android-ImageMagick7

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

9.8CVSS5.8AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 a.m.5 views

EUVD-2026-12550

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 8:24 a.m.3 views

CVE-2026-32586 WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through 7.11.3...

5.3CVSS5.1AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 4:16 p.m.7 views

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS0.00413EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/03/09 9:11 p.m.3 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2026-22470

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through = 2.7.11...

7.6CVSS5.6AI score0.00279EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004650 advisory. An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions expanddownwards and expandupwards...

7CVSS6.5AI score0.0045EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004168)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004168 advisory. An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions expanddownwards and expandupwards...

7CVSS6.5AI score0.0045EPSS
Exploits1References9
OSV
OSV
added 2025/12/05 11:15 p.m.3 views

CVE-2025-14111

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...

8.1CVSS5.2AI score0.00548EPSS
Exploits1References4
NVD
NVD
added 2025/12/05 11:15 p.m.8 views

CVE-2025-14111

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is...

8.1CVSS0.00548EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49319

Name of the Vulnerable Software and Affected Versions Rarlab RAR App versions up to 7.11 Build 127 Description A security issue exists in the component com.rarlab.rar of Rarlab RAR App on Android. This allows for path traversal, potentially enabling remote attacks. Exploitation is considered high...

8.1CVSS4.9AI score0.00548EPSS
Exploits1References9
OSV
OSV
added 2025/11/12 5:15 p.m.5 views

UBUNTU-CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1CVSS5.7AI score0.00268EPSS
Exploits0References5
Rows per page
Query Builder