Lucene search
K

532 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36978

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.4 views

CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-45437 WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

9.8CVSS0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49413

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 a.m.13 views

CVE-2026-50880

CVE-2026-50880 affects YouTransfer v1.0.6, specifically the sendmail transport integration component. The issue allows an attacker to execute arbitrary code by sending a crafted request. The cybersecurity metadata indicates a critical impact (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). C...

9.8CVSS5.9AI score0.00476EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 1:50 p.m.7 views

CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:50 p.m.12 views

CVE-2026-6853

CVE-2026-6853 describes an authentication bypass in Başbelen Group Pause+ Mobile App caused by improper restriction of excessive authentication attempts. Affected versions are Pause+ Mobile App prior to 1.5 (v1.0.6 up to, but not including, 1.5). The CVSS 3.1 base score is 9.8 (CRITICAL), with NE...

9.8CVSS5.3AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.9 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

WordPress plugin Product Filter Widget for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.1CVSS5.2AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.4AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39371

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

8.1CVSS5.3AI score0.0021EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@diogoxiang/utils (=1.0.0) potentially affected by unknown CVE via @antv/torch (=1.0.6)

@antv/torch NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/torch and may be impacted: - @diogoxiang/utils =1.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVTORCH-16754422...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/05/12 9:31 a.m.10 views

EUVD-2026-29400

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 9:16 a.m.17 views

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.43 views

CVE-2026-5715 Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS0.00187EPSS
Exploits0References3
Rows per page
Query Builder