Lucene search
K

64 matches found

ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53057

Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.21 views

CVE-2026-36908

A stack overflow in the AP4Array::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 11:16 a.m.17 views

CVE-2026-42762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.13 views

CVE-2026-42737

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.35 views

CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.14 views

EUVD-2026-32209

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.17 views

CVE-2026-42737

CVE-2026-42737 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin (≤1.8.9). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling potential arbitrary file deletion. The CVSS 3.1 base score is 8.6 (HIGH) with Network attack, no user ...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42737 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.35 views

CVE-2026-42737 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS0.00345EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42737

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/27 6:20 a.m.9 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.10 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.10...

8.6CVSS5.8AI score0.00345EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43670

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43649

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.9.0 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows access to files outside of the intended directory. Recommendations Update...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2025/12/24 1:16 p.m.4 views

CVE-2025-67622

Cross-Site Request Forgery CSRF vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through = 1.8.9...

7.1CVSS0.00097EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.10 views

PT-2025-53240

Name of the Vulnerable Software and Affected Versions titopandub Evergreen Post Tweeter versions through 1.8.9 Description A Cross-Site Request Forgery CSRF issue exists in titopandub Evergreen Post Tweeter, potentially allowing for Stored Cross-Site Scripting XSS. The issue affects the...

8.8CVSS5.6AI score0.00097EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/02 6:44 a.m.3 views

Command Injection

Overview rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently. Affected versions of this package are vulnerable to Command Injection due to improper handling of shell commands. The upgrade command uses shell=True, which allows shell injection...

9.8CVSS7.3AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-0832

Malware in sbrugna...

7.5CVSS6.4AI score0.01063EPSS
Exploits0References5
Rows per page
Query Builder