Lucene search
K

79808 matches found

Nuclei
Nuclei
added 4 hours ago110 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.2AI score0.28961EPSS
Exploits6References5
Nuclei
Nuclei
added 4 hours ago76 views

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. id:...

9.8CVSS7.2AI score0.06646EPSS
Exploits2References3
Nuclei
Nuclei
added 4 hours ago51 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.3AI score0.00929EPSS
Exploits1References3
Nuclei
Nuclei
added 4 hours ago69 views

Users Ultra <= 3.1.0 - SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

9.8CVSS7.1AI score0.0854EPSS
Exploits2References5
Nuclei
Nuclei
added 4 hours ago84 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.1AI score0.07866EPSS
Exploits2References2
Nuclei
Nuclei
added 4 hours ago53 views

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.4AI score0.00891EPSS
Exploits2References2
Nuclei
Nuclei
added 4 hours ago43 views

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

6.1CVSS6.4AI score0.00955EPSS
Exploits2References4
Nuclei
Nuclei
added 4 hours ago73 views

ARMember < 3.4.8 - Unauthenticated Admin Account Takeover

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...

8.1CVSS7.1AI score0.0852EPSS
Exploits1References5
EUVD
EUVD
added 5 hours ago7 views

EUVD-2026-43625

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

6.1AI score
Exploits0References1
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-43575

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php executes bucket commands ls, upload, removefiles, rename, createfolder without performing any ACL or role check. Any authenticated...

8.8CVSS6.1AI score
Exploits0References5
NVD
NVD
added yesterday5 views

CVE-2026-61463

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtai...

8.8CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-61463

CVE-2026-61463 : Shiori contains a privilege escalation in the account update endpoint. An authenticated user can modify the owner field without authorization checks by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token that grants full system a...

8.8CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-43316

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS0.00478EPSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-14165

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-10106 Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-11963 User Registration & Membership < 5.2.2 - Subscriber+ Cross-User Role and Membership Tier Modification via IDOR

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday103 views

MagnusBilling Alarm Module - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...

7.6CVSS5.8AI score0.00888EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday28 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS6.2AI score0.26409EPSS
Exploits2References3
Rows per page
Query Builder