
799 matches found

NVD
added 3 days ago, 9 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the add_custom_sidebar and remove_custom_sidebar AJAX handlers, both of which are...

CVSS 5.3 | EPSS 0.00239
Exploits 0 | References 6
CVE
added 3 days ago, 13 views

CVE-2026-12349

The CVE-2026-12349 entry concerns the WordPress plugin Premium Addons for KingComposer (versions up to and including 1.1.1). It describes missing authorization and capability checks on two AJAX handlers, add_custom_sidebar() and remove_custom_sidebar(), which are exposed via wp_ajax_nopriv_* and ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits 0 | References 6
EUVD
added 3 days ago, 3 views

EUVD-2026-40252

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the add_custom_sidebar and remove_custom_sidebar AJAX handlers, both of which are...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits 0 | References 6
Patchstack
added 4 days ago, 5 views

WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions <= 1.1.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00239
Exploits 0 | References 1 | Affected Software 1
OSV
added 4 days ago, 4 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

CVSS 9.8 | AI score 6.2 | EPSS 0.00578
Exploits 0 | References 6
EUVD
added last week, 8 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals...

CVSS 7.5 | AI score 5.8 | EPSS 0.00415
Exploits 1 | References 4
NVD
added 2026/06/19 7:16 p.m., 13 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

CVSS 7.5 | EPSS 0.00415
Exploits 1 | References 3
ATTACKERKB
added 2026/06/19 6:14 p.m., 4 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

CVSS 7.5 | AI score 5.8 | EPSS 0.00415
Exploits 1 | References 4 | Affected Software 1
EUVD
added 2026/06/17 6:35 p.m., 8 views

EUVD-2026-37601

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions...

CVSS 9.9 | AI score 5.2 | EPSS 0.00434
Exploits 0 | References 2
NVD
added 2026/06/17 2:17 p.m., 9 views

CVE-2026-40752

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions...

CVSS 8.1 | EPSS 0.00308
Exploits 0 | References 1
EUVD
added 2026/06/17 12:47 p.m., 8 views

EUVD-2026-37695

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions...

CVSS 8.1 | AI score 5.3 | EPSS 0.00308
Exploits 0 | References 1
Cvelist
added 2026/06/17 12:47 p.m., 17 views

CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions...

CVSS 8.1 | EPSS 0.00308
Exploits 0 | References 1
Cvelist
added 2026/06/17 9:51 a.m., 27 views

CVE-2026-40749 WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions...

CVSS 9.9 | EPSS 0.00434
Exploits 0 | References 1
CVE
added 2026/06/17 9:51 a.m., 14 views

CVE-2026-40749

The CVE covers the WordPress Charity Zone theme (versions <= 1.1.1) with a Subscriber Arbitrary File Upload vulnerability. The underlying issue enables arbitrary files to be uploaded due to insecure handling in Charity Zone.

CVSS 9.9 | AI score 5.2 | EPSS 0.00434
Exploits 0 | References 1
Cvelist
added 2026/06/16 11:35 p.m., 21 views

CVE-2026-48797 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

CVSS 9.3 | EPSS 0.00324
Exploits 0 | References 2
Positive Technologies
added 2026/06/16 12:00 a.m., 14 views

PT-2026-50132

Name of the Vulnerable Software and Affected Versions: Backpropagate versions 1.1.0 through 1.1.1. Description: The optional Reflex web UI exposes a training control plane without authentication, despite CLI flags --auth and --share suggesting that security controls are active. The Reflex backend...

CVSS 9.3 | AI score 6 | EPSS 0.00324
Exploits 0 | References 8
EUVD
added 2026/06/15 9:30 p.m., 8 views

EUVD-2026-36908

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

CVSS 9.8 | AI score 5.3 | EPSS 0.00476
Exploits 1 | References 2
EUVD
added 2026/06/15 9:30 p.m., 7 views

EUVD-2025-210163

Subscriber Broken Access Control in Bookify <= 1.1.1 versions...

CVSS 6.5 | AI score 5.1 | EPSS 0.00326
Exploits 0 | References 2
CVE
added 2026/06/15 8:17 p.m., 17 views

CVE-2026-9691

The WordPress plugin “Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms” (vendor: WordPress ecosystem; affected component: PHP object injection vulnerability) is vulnerable in versions

CVSS 9.8 | AI score 5.3 | EPSS 0.00476
Exploits 1 | References 1
Cvelist
added 2026/06/15 8:17 p.m., 25 views

CVE-2025-69332 WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bookify <= 1.1.1 versions...

CVSS 6.5 | EPSS 0.00326
Exploits 0 | References 1