Lucene search
+L

926 matches found

OSV
OSV
added 5 days ago9 views

JLSEC-2026-687 With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is...

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

5.4CVSS6.1AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55051

Name of the Vulnerable Software and Affected Versions Surbma | Yoast SEO Breadcrumb Shortcode versions prior to 1.3 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. XSS is a security flaw where an...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-40751

Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...

8.1CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39578

Unauthenticated PHP Object Injection in Valiance = 1.2 versions...

5.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.20 views

CVE-2026-40751

CVE-2026-40751 affects WordPress Theme Ashtanga versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.27 views

CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...

8.1CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.27 views

CVE-2026-39578 WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance = 1.2 versions...

5.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.11 views

CVE-2026-8883

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.33 views

CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin Global Body Mass Index Calculator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.11 views

CVE-2026-7659

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.18 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 5:30 a.m.39 views

CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 5:30 a.m.14 views

CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin Genzel breadcrumbs 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/26 5:21 p.m.13 views

WordPress Genzel breadcrumbs plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Genzel breadcrumbs versions = 1.2...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Alloksoft Fast AVI MPEG Splitter 安全漏洞

Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.29 views

PT-2026-40787

Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References1
Rows per page
Query Builder