Lucene search
K

3121 matches found

Nuclei
Nuclei
added 5 hours ago91 views

WordPress Visitor Statistics <=5.7 - SQL Injection

WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...

9.8CVSS7.1AI score0.03413EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57906

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.42 Description An unauthenticated information disclosure issue exists where remote attackers can retrieve plaintext API keys for all connected AI provider accounts. This occurs due to missing authentication...

9.3CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2 days ago6 views

CVE-2026-56281

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS0.00197EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43229

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-56281

Capgo before 12.128.2 contains a SQL injection in POST /private/admin_stats: the limit parameter is destructured from an unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQ...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-43223

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST globalstats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/globalstats endpoin...

8.7CVSS6.1AI score0.00368EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-56238

Capgo before 12.128.2 is affected by an information-disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics via /rest/v1/global_stats using only a public apikey. Risks include exposure of MR...

8.7CVSS6.1AI score0.00368EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-56240

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS0.00182EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43169

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:3 a.m.11 views

SUSE-SU-2026:2238-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...

9.8CVSS6.9AI score0.03663EPSS
Exploits32References449
OSV
OSV
added 2026/06/29 5:40 a.m.3 views

BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 6:16 p.m.8 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 5:37 p.m.36 views

CVE-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS0.00448EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:37 p.m.5 views

CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

6.5CVSS5.8AI score0.00448EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 5:37 p.m.18 views

CVE-2026-47204

Envoy CVE-2026-47204 affects the envoy.filters.http.grpc_stats filter. From 1.26.0 up to 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hitting a direct_response route could crash the Envoy process due to a nul...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

6.1CVSS0.00224EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 1:11 a.m.15 views

CVE-2026-50745

CVE-2026-50745 concerns Revive Adserver’s stats-video.php where user input is reflected due to missing sanitisation and unencoded URL parameters, arising from improper handling of the Smarty url helper. The HackerOne report confirms a reflected XSS vector in this script. No exploitation status or...

6.1CVSS5.8AI score0.00224EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder