Lucene search
K

162 matches found

NVD
NVD
added 4 days ago13 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00201EPSS
Exploits0References6
CVE
CVE
added 5 days ago13 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
CVE
CVE
added 6 days ago15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/07 8:52 a.m.5 views

WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...

8.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/29 12:0 a.m.15 views

CVE-2026-31016

CVE-2026-31016 is a Cross Site Request Forgery vulnerability affecting Squidex.io Squidex CMS up to version 7.21.0 (and earlier). The issue enables a remote attacker to escalate privileges via the IdentityServer account profile endpoint. The vulnerability is documented with a CVSS v3.1 base score...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.36 views

CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39694

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS5.8AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40741

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 4:59 p.m.15 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/27 5:5 a.m.5 views

SUSE CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0's upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “” index permissions access to this index...

4.3CVSS5.8AI score0.00909EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/19 8:43 p.m.9 views

WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions = 7.0.9...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/08 8:20 p.m.10 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

6.5CVSS5.8AI score0.00174EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

nbconvert 路径遍历漏洞

nbconvert is a format conversion library from the Jupyter organization. It converts Jupyter .ipynb notebook files into other static formats, including HTML, LaTeX, PDF, Markdown, etc. Version 6.5 to 7.17.0 of nbconvert has a path traversal vulnerability. This vulnerability stems from the improper...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 5:29 a.m.25 views

CVE-2026-5050

The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:48 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

7.5CVSS5.9AI score0.004EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/04/13 4:34 p.m.20 views

CVE-2026-39940 ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 5:48 a.m.21 views

CVE-2026-5082 Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/30 12:31 a.m.11 views

EUVD-2025-209116

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder