Lucene search
K

1726 matches found

NVD
NVD
added yesterday3 views

CVE-2025-69153

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...

7.1CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2025-69153

Mode C: CVE-2025-69153 affects the WordPress Trendy Travel theme (≤ 6.7). The issue is an unauthenticated reflected XSS in the Trendy Travel theme, enabling injection of script via user interaction. Impact is listed as low for confidentiality, integrity, and availability, with a CVSS ~7.1 (NETWOR...

7.1CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added yesterday6 views

WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

9.8CVSS7.6AI score0.02267EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday57 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

6.8CVSS5.6AI score0.03859EPSS
Exploits2References5
Patchstack
Patchstack
added 3 days ago3 views

WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Trendy Travel versions = 6.7...

7.1CVSS5.8AI score
Exploits0Affected Software1
NVD
NVD
added last week8 views

CVE-2026-56059

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added last week30 views

CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS0.00362EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-56059

The CVE-2026-56059 entry concerns the WordPress Travel Booking theme version up to 2.2.5, which is affected by an arbitrary file upload vulnerability in Subscriber context. The linked sources (NVD/CVE records) confirm the affected product and version range and classify the severity as critical wi...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-39713

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In the “basic” time-travel mode without =inf-cpu or =ext, we still encounter timer interrupts. These can occur at arbitrary times, for example, while inside the timerread function, which simpl...

5CVSS5.5AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-54808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:51 p.m.10 views

EUVD-2026-37713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...

9.3CVSS5.6AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50416

Name of the Vulnerable Software and Affected Versions WP Travel Gutenberg Blocks versions prior to 3.9.4 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

9.3CVSS5.7AI score0.00317EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.28 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.19 views

CVE-2026-49770

CVE-2026-49770 affects the WordPress WP Travel Engine plugin (

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36893

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder