
255 matches found

NVD
added 2026/06/19 6:17 a.m., 17 views

CVE-2026-7547

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

CVSS 4.9, EPSS 0.00397
Exploits: 0, References: 8

NVD
added 2026/06/09 9:16 a.m., 13 views

CVE-2026-8599

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

CVSS 6.4, EPSS 0.00234
Exploits: 0, References: 11

CVE
added 2026/06/09 7:49 a.m., 24 views

CVE-2026-8599

The CVE covers the WordPress plugin MailerPress (Email Marketing, Newsletter, Email Automation & WooCommerce Emails) with stored XSS in Campaign HTML Content Field across versions up to 2.0.4. Exploitation requires author-level access (authenticated, Author+), and affects pages loaded in the admi...

CVSS 6.4, AI score 5.7, EPSS 0.00234
Exploits: 0, References: 11

EUVD
added 2026/06/09 3:41 a.m., 12 views

EUVD-2026-35308

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS 4.3, AI score 5.4, EPSS 0.00124
Exploits: 0, References: 3

Patchstack
added 2026/06/08 7:47 p.m., 8 views

WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions <= 2.0.4...

CVSS 6.4, AI score 5.4, EPSS 0.00234
Exploits: 0, References: 1, Affected Software: 1

OSSF Malicious Packages
added 2026/05/24 11:5 a.m., 13 views

Malicious code in power-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...

AI score 5.8
Exploits: 0, References: 3

NVD
added 2026/05/21 8:16 a.m., 14 views

CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

CVSS 8.8, EPSS 0.00418
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/11 4:2 p.m., 12 views

Malicious code in @cplace-workflow-fe/cf-workflow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa219c5fdaf0ec8e6e0467fb1f23bfde9a07c18276187464062943e612848781 The package @cplace-workflow-fe/cf-workflow was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1

CNNVD
added 2026/04/12 12:0 a.m., 5 views

CowAgent access control error vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by the individual developer zhayujie. Version 2.0.4 of CowAgent contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Administrative HTTP Endpoint component, whi...

CVSS 7.5, AI score 7.2, EPSS 0.00397
Exploits: 0, References: 6

CNNVD
added 2026/04/10 12:0 a.m., 6 views

CowAgent path traversal vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by the individual developer zhayujie. Versions of CowAgent 2.0.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the file...

CVSS 6.9, AI score 6.1, EPSS 0.00632
Exploits: 0, References: 7

EUVD
added 2026/03/25 6:31 p.m., 2 views

EUVD-2026-15776

Use of Hard-coded Credentials vulnerability in Addi Addi Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation. This issue affects Addi Cuotas que se adaptan a ti: from n/a through <= 2.0.4...

AI score 5.8, EPSS 0.00238
Exploits: 0, References: 2

Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-27973

Name of the Vulnerable Software and Affected Versions Addi – Cuotas que se adaptan a ti versions n/a through 2.0.4 Description A flaw exists in Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi that allows for exploitation of the password recovery function due to the use of hard-coded...

CVSS 7.5, AI score 5.9, EPSS 0.00238
Exploits: 0, References: 3

CNNVD
added 2026/03/25 12:0 a.m., 6 views

Drupal Material Icons security vulnerability

Drupal Material Icons is a module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal Material Icons prior to 2.0.4 contained security vulnerabilities, which were caused by improper authorization and could lead to forced browsing...

CVSS 5.3, AI score 5.8, EPSS 0.00223
Exploits: 0, References: 1

Patchstack
added 2026/03/10 11:21 a.m., 5 views

WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Addi Cuotas que se adaptan a ti versions <= 2.0.4...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, Affected Software: 1

Vulnrichment
added 2026/03/06 12:19 p.m., 3 views

CVE-2018-25176 Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8, AI score 6.3, EPSS 0.00204
Exploits: 0, References: 2

Positive Technologies
added 2026/03/06 12:0 a.m., 8 views

PT-2026-23688

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8, AI score 6.3, EPSS 0.00204
Exploits: 0, References: 3

OSV
added 2026/02/26 7:54 p.m., 6 views

GHSA-R5MX-6WC6-7H9W dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Summary: dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing __proto__ at any position other than...

CVSS 6.3, AI score 7.1, EPSS 0.00303
Exploits: 2, References: 5

Cvelist
added 2026/02/26 12:19 a.m., 26 views

CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

CVSS 6.3, EPSS 0.00303
Exploits: 2, References: 3

CNNVD
added 2026/02/26 12:0 a.m., 10 views

dottie security vulnerability

Dottie is an application developed by Mick Hansen that allows for easy searching of nested keys. Versions 2.0.4 to 2.0.6 of Dottie contain security vulnerabilities, which stem from incomplete prototype pollution protection mechanisms. These vulnerabilities could lead to bypassing the protection...

CVSS 9.8, AI score 7.3, EPSS 0.00303
Exploits: 2, References: 3

NVD
added 2026/01/22 5:16 p.m., 3 views

CVE-2025-66135

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Imager for Elementor: from n/a through <= 2.0.4...

CVSS 5.4, EPSS 0.0022
Exploits: 0, References: 1