Lucene search
+L

492 matches found

nvd
nvd
added 6 days ago5 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
cve
cve
added 6 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
patchstack
patchstack
added 2026/07/08 2:43 p.m.5 views

WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Events Manager versions = 7.3.6...

8.8CVSS6.1AI score0.00317EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/06/18 6:50 a.m.32 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
nvd
nvd
added 2026/06/17 10:16 p.m.15 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS
Exploits0References2
euvd
euvd
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37637

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS5.2AI score0.00211EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 1:20 p.m.9 views

CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS
Exploits0References1
nvd
nvd
added 2026/06/17 1:20 p.m.11 views

CVE-2026-49080

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

9.3CVSS0.00312EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2025-210159

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48838

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS0.00237EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:17 p.m.24 views

CVE-2025-68049

CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.12 views

PT-2026-49422

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49441

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
cve
cve
added 2026/06/11 6:34 p.m.48 views

CVE-2026-46519

CVE-2026-46519 affects mcp-server-kubernetes (Model Context Protocol server) prior to version 3.6.0. The issue stems from access controls implemented via three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) being enforced only at the tool discov...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References2
nvd
nvd
added 2026/06/11 9:16 a.m.15 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
nvd
nvd
added 2026/06/09 5:16 a.m.14 views

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS0.00124EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/09 2:58 a.m.13 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/09 12:0 a.m.12 views

OpenSSL Toolkit 3.6.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...

9.8CVSS5.4AI score0.02719EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.11 views

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

4.3CVSS5.4AI score0.0022EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.5AI score0.00123EPSS
Exploits0References1
Rows per page
Query Builder