Lucene search
K

11428 matches found

NVD
NVD
added 2 hours ago4 views

CVE-2026-53516

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS0.00019EPSS
Exploits0References4
CVE
CVE
added 11 hours ago11 views

CVE-2026-35152

The CVE covers a SQL Injection in Apache Fineract’s Report Execution API (runreports endpoint) affecting versions up to and including 1.14.0. The vulnerability arises because report parameter values are embedded into the generated SQL without sufficient validation, enabling an authenticated user ...

8.8CVSS6.2AI score
Exploits0References4
Nuclei
Nuclei
added 16 hours ago9 views

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS6.1AI score0.02002EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago53 views

TileServer API - Cross Site Scripting

tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...

6.1CVSS5.9AI score0.00957EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-15749

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday22 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
HPE Security Bulletins
HPE Security Bulletins
added yesterday7 views

HPESBHF05079 rev.1 - HPE Compute Scale-up Server 3200 and 3250 platforms, Multiple Vulnerabilities

Potential Security Impact: Remote: Arbitrary Code Execution, Compromise of System Integrity, Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Compute Scale-up Server 3200 - Prior to v1.76.44 HPE Compute Scale-up Server 3250 - Prior to v1.02.48 CVSS Scores:...

8.8CVSS7AI score0.02719EPSS
Exploits0
NVD
NVD
added 2 days ago5 views

CVE-2026-61977

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...

5.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-61968

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-59518

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57791

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57795

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57798

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57783

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through = 4.1.13...

6.5CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57779

Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...

5.3CVSS0.00285EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57707

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57405

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57388

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder