Lucene search
K

8472 matches found

Nuclei
Nuclei
added 13 hours ago7 views

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS6AI score0.02002EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago24 views

TileServer API - Cross Site Scripting

tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...

6.1CVSS5.7AI score0.00957EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00777EPSS
Exploits3References1
CVE
CVE
added 3 days ago14 views

CVE-2026-14459

Vulnerability: TUBITAK BILGEM pardus-software suffers an argument injection due to improper neutralization of command delimiters. Affects pardus-software

8.8CVSS5.9AI score0.00198EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41486

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
NVD
NVD
added 4 days ago6 views

CVE-2026-57763

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57751

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57684

Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...

6.5CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57685

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57687

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 4 days ago11 views

CVE-2026-57621

Unauthenticated PHP Object Injection in Booktics = 1.0.21 versions...

9.8CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-57623

Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...

9CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-57670

Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-57356

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2025-69132

Subscriber Sensitive Data Exposure in Corpkit = 1.0.5 versions...

6.5CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2025-58902

Unauthenticated Local File Inclusion in Lighthouse = 1.2.12 versions...

8.1CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-57762 WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
Rows per page
Query Builder