Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

254206 matches found

NVD
NVDadded 2026/05/29 8:16 a.m.9 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00108EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/05/29 8:13 a.m.9 views

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

8.6CVSS7.4AI score0.00052EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 7:59 a.m.6 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References3
CVE
CVEadded 2026/05/29 7:29 a.m.12 views

CVE-2026-49322

The CVE describes weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year. An adjacent-network attacker with read access to the in-vehicle network can recover the user-set unlock PIN by passively observing a single PIN authentication e...

4.3CVSS5.8AI score0.00009EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 6:58 a.m.32 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS0.00033EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 6:58 a.m.7 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00033EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 6:58 a.m.9 views

EUVD-2026-33256

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00033EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/29 6:49 a.m.13 views

CVE-2026-41075

A flaw was found in RT, an open-source issue and ticket tracking system. An authenticated user can exploit an SQL injection vulnerability by crafting malicious input. This input is then incorporated into database queries without proper validation, potentially allowing the attacker to read or modi...

8.8CVSS5.8AI score0.00032EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/29 6:49 a.m.11 views

CVE-2026-41074

A flaw was found in RT, an open-source issue and ticket tracking system. This Cross-Site Request Forgery CSRF vulnerability allows a remote attacker to trick a logged-in user into visiting a malicious web page. If successful, the attacker can then perform arbitrary state-changing actions within R...

7.1CVSS5.9AI score0.00016EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/29 6:43 a.m.5 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00108EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/05/29 6:43 a.m.30 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00108EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/05/29 6:43 a.m.6 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00108EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/29 6:43 a.m.7 views

EUVD-2026-33255

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/29 5:32 a.m.35 views

CVE-2025-14042 Automotive Car Dealership Business WordPress Theme <= 13.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Portfolio Project Details

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00026EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 4:17 a.m.9 views

CVE-2026-8995

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS0.0005EPSS
Exploits0References9
Nuclei
Nucleiadded 2026/05/29 3:59 a.m.29 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7.3AI score0.94387EPSS
Exploits5References5
Nuclei
Nucleiadded 2026/05/29 3:59 a.m.48 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.7AI score0.92641EPSS
Exploits2References5
CVE
CVEadded 2026/05/29 2:27 a.m.18 views

CVE-2026-8995

The affected product is the Poll Maker plugin for WordPress (by AYS), vulnerable in versions up to 6.3.7. The flaw resides in the AJAX action ays_poll_get_user_information, which lacks proper access controls and returns the full WP_User object (including password hash, email, login, registration ...

4.3CVSS5.8AI score0.0005EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/05/29 2:27 a.m.9 views

CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS5.8AI score0.0005EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/05/29 2:27 a.m.36 views

CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS0.0005EPSS
Exploits0References9
Rows per page
Query Builder