Lucene search
K

663 matches found

NVD
NVD
added 6 days ago4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39368

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-54838

CVE-2026-54838 affects WordPress WC Vendors Marketplace plugin up to version 2.6.8. The description documents a subscriber SQL injection vulnerability (no explicit root cause details provided). CVSS 3.1 base score 8.5 (HIGH) with network attack vector, low attack complexity, privileges required: ...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 9:44 a.m.7 views

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions = 2.6.8...

8.5CVSS6AI score0.0027EPSS
Exploits0Affected Software1
Lenovo
Lenovo
added 2026/05/12 6:13 p.m.13 views

Multi-Vendor BIOS Security Vulnerabilities (May 2026) - Lenovo Support US

No description provided...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.4 views

Firmware Distribution As Attack Surface: A Security Study of ASIC Cryptocurrency Miners

ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic im- portance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/04 11:10 a.m.16 views

The 2026 World Cup scam economy is already running before the first whistle

The FIFA World Cup 2026 is scheduled to begin June 11 across the US, Canada, and Mexico. The web is filling with sites impersonating ticket vendors, telecoms, sticker publishers, toy manufacturers, immigration services, and crypto projects, all linked to the World Cup brand. Together, they map ou...

5.7AI score
Exploits0
hivepro
hivepro
added 2026/04/29 11:36 p.m.4 views

Supply Chain Cybersecurity Risk Management Guide

Your organization's security is only as strong as its weakest vendor. A single compromised supplier, an unpatched software dependency, or a breached managed service provider can give attackers a direct path into your environment, bypassing every control you have built internally. The SolarWinds...

5.9AI score
Exploits0
Lenovo
Lenovo
added 2026/04/15 3:7 a.m.7 views

Multi-Vendor BIOS Security Vulnerabilities (April 2026) - Lenovo Support US

No description provided...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.8 views

ARuleCon: Agentic Security Rule Conversion

Security Information and Event Management SIEM systems make it possible for detecting intrusion anomalies in real-time manner by their applied security rules. However, the heterogeneity of vendor-specific rules e.g., Splunk SPL, Microsoft KQL, IBM AQL, Google YARA-L, and RSA ESA makes...

6AI score
Exploits0
HackRead
HackRead
added 2026/03/19 1:7 p.m.3 views

CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026

Austin, United States, 19th March 2026, CyberNewswire...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/23 12:45 p.m.5 views

Password managers keep your passwords safe, unless…

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...

5.6AI score
Exploits0
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.60 views

The Events Calendar <= 6.15.2 - Information Disclosure

The Events Calendar WordPress plugin = 6.15.2 contains an information disclosure vulnerability caused by REST endpoint exposure, letting unauthenticated attackers extract data about password-protected vendors or venues, exploit requires no authentication. id: CVE-2025-9808 info: name: The Events...

5.3CVSS6.2AI score0.00771EPSS
Exploits0References5
Schneier on Security
Schneier on Security
added 2026/01/21 12:5 p.m.3 views

Internet Voting is Too Insecure for Use in Elections

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology...

5.6AI score
Exploits0
CERT
CERT
added 2025/12/17 12:0 a.m.21 views

Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

Overview A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU...

7CVSS7.1AI score0.00314EPSS
Exploits0References7
Lenovo
Lenovo
added 2025/12/09 3:52 p.m.5 views

Multi-Vendor BIOS Security Vulnerabilities (December, 2025) - Lenovo Support US

No description provided...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/06 7:56 a.m.9 views

CVE-2025-12130

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS5.3AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 8:15 a.m.3 views

CVE-2025-12130

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 7:26 a.m.1 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS4.9AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder