Lucene search
K

45884 matches found

RedhatCVE
RedhatCVE
added 1 hour ago3 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago3 views

CVE-2026-7523

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS5.5AI score0.00039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago3 views

CVE-2026-45779

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

9.3CVSS6AI score0.00892EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago4 views

CVE-2026-9290

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago3 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS6.4AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50233

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00044EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-46390

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

8.7CVSS5.6AI score0.0045EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.5AI score0.00111EPSS
Exploits0References1
GithubExploit
GithubExploit
added yesterday22 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.1AI score0.00095EPSS
Exploits28
GithubExploit
GithubExploit
added yesterday24 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE Python implementation of Apache ActiveMQ...

10CVSS7.3AI score0.94436EPSS
Exploits31
NVD
NVD
added yesterday10 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS0.00059EPSS
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS0.00083EPSS
Exploits0References24
CVE
CVE
added yesterday19 views

CVE-2026-9016

The CVE concerns the WordPress plugin Debug Log Manager (

5.3CVSS5.6AI score0.00059EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-34960

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00059EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00059EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00059EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday15 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS5.5AI score0.16947EPSS
Exploits2References2
NVD
NVD
added yesterday6 views

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS0.00071EPSS
Exploits0References14
Rows per page
Query Builder