Lucene search
K

536 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00247EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 11:2 p.m.8 views

EUVD-2026-36600

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57638

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.10 views

CVE-2026-54844

The CVE-2026-54844 entry concerns WordPress CheckView Automated Testing plugin (versions

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52421

Name of the Vulnerable Software and Affected Versions CheckView Automated Testing versions prior to 2.1.1 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update CheckView Automated Testing to version...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:50 p.m.10 views

CVE-2026-5818

The CVE-2026-5818 entry concerns the Caliptra Core Runtime Firmware and describes an incorrect return-value check in ActivateFirmwareCmd::activate_fw modules, which allows bypassing the Core’s verification of MCU firmware during a hitless update. Affected versions are Core Runtime Firmware 2.0.0 ...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 11:49 p.m.31 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-53521

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

6.4CVSS0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:4 p.m.27 views

CVE-2026-53521 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

6.4CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:4 p.m.18 views

CVE-2026-53521

CVE-2026-53521 affects Nezha Monitoring. From versions 2.0.14 up to before 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatc...

6.4CVSS5.3AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.43 views

CVE-2026-53520

Nezha Monitoring before 2.1.0 (vulnerable 2.0.14–pre-2.1.0) allows authenticated users to claim the dashboard Host via NAT and preempt all dashboard routing. CVSS 3.1 base score 6.5 (I: None, A: High). Patch: upgrade to 2.1.0. If upgrading is not feasible, apply the vendor advisory guidance from ...

6.5CVSS5.3AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.9 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-48877

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

6.5CVSS5.4AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.17 views

PT-2026-43118

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations contain a session fixation issue. In the affected versions, when a session already exists, it is not invalidated upon successful logi...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.41 views

CVE-2026-44067 EA header parsing heap over-read

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

4.2CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.41 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42419

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description An LDAP injection allows a remote authenticated attacker to manipulate LDAP queries. By providing crafted filter input, an attacker can obtain limited information or modify LDAP entries. LDAP...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.6 views

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References3
Rows per page
Query Builder