Lucene search

383 matches found

CVE
added 2 days ago | 11 views

CVE-2026-12734

The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...

CVSS 6.4 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 4

EUVD
added 2 days ago | 9 views

EUVD-2026-41467

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes i...

CVSS 6.4 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 4

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in libcue

Libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and earlier are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a CUE sheet from a malicious webpage. Since the file is saved to /Downloads, it...

CVSS 8.8 | AI score 7.3 | EPSS 0.1657
Exploits: 1 | References: 2

EUVD
added 2026/06/18 5:34 a.m. | 10 views

EUVD-2026-37845

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'ruleid' parameter due to missing validation on a user controlled key. This makes it possible for...

CVSS 4.3 | AI score 5.1 | EPSS 0.0026
Exploits: 0 | References: 16

EUVD
added 2026/06/17 6:35 p.m. | 10 views

EUVD-2025-210257

Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions...

CVSS 8.1 | AI score 5.1 | EPSS 0.00348
Exploits: 0 | References: 2

Patchstack
added 2026/06/17 4:50 p.m. | 7 views

WordPress PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Modification vulnerability discovered by Truong Tran in WordPress Plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin versions <= 2.3.0...

CVSS 4.3 | AI score 5.3 | EPSS 0.0026
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/06/15 8:18 p.m. | 10 views

CVE-2026-40782

CVE-2026-40782 : Unauthenticated Broken Access Control in WordPress WPAdverts plugin (versions

CVSS 6.5 | AI score 5.1 | EPSS 0.00242
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49423

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

CVSS 6.5 | AI score 5.1 | EPSS 0.00242
Exploits: 0 | References: 2

Cvelist
added 2026/06/09 12:0 a.m. | 33 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

EPSS 0.00321
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:23 p.m. | 8 views

CVE-2026-35599

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an O(n) loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00347
Exploits: 1 | References: 1

RedhatCVE
added 2026/06/05 7:12 p.m. | 9 views

CVE-2026-39885

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

CVSS 7.5 | AI score 5.4 | EPSS 0.00319
Exploits: 1 | References: 1

CNNVD
added 2026/06/03 12:0 a.m. | 6 views

Cactus Image Viewer Security Vulnerability

Cactus Image Viewer is a Windows single-file image viewing tool developed by Wassim Alhajomar. Version 2.3.0 of Cactus Image Viewer has a security vulnerability caused by DLL hijacking, which may allow attackers to elevate privileges and execute arbitrary code through a specially crafted DLL...

CVSS 7.8 | AI score 5.9 | EPSS 0.00137
Exploits: 0 | References: 4

CVE
added 2026/06/03 12:0 a.m. | 20 views

CVE-2026-36574

CVE-2026-36574 describes a DLL hijacking vulnerability in Wassimulator’s CactusViewer v2.3.0. The issue, rooted in DLL loading, enables local privilege escalation and arbitrary code execution. The CVSS details indicate LOCAL attack vector, no privileges required, but user interaction is required,...

CVSS 7.8 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 4

Patchstack
added 2026/05/26 5:46 a.m. | 10 views

WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fortius versions <= 2.3.0...

AI score 5.8 | EPSS 0.00348
Exploits: 0 | Affected Software: 1

Cvelist
added 2026/05/25 10:18 p.m. | 21 views

CVE-2026-45438 WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0...

CVSS 7.5 | EPSS 0.00289
Exploits: 0 | References: 1

CVE
added 2026/05/25 10:18 p.m. | 34 views

CVE-2026-45438

CVE-2026-45438 affects the WordPress plugin Smart Coupons for WooCommerce: versions before 2.3.0. The issue is a Missing Authorization / Broken Access Control vulnerability where access control is incorrectly configured, allowing bypass of authorization checks and potential unauthorized actions....

CVSS 7.5 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 1

Patchstack
added 2026/05/01 9:16 a.m. | 6 views

WordPress Restrict – membership, site, content and user access restrictions for WordPress plugin <= 2.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restrict versions <= 2.3.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/04/14 7:23 p.m. | 4 views

CVE-2026-35600

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/14 7:23 p.m. | 4 views

CVE-2026-35602

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

CVSS 7.1 | AI score 5.7 | EPSS 0.00338
Exploits: 1 | References: 1

CVE
added 2026/04/13 12:45 a.m. | 8 views

CVE-2026-6141

The CVE-2026-6141 entry affects danielmiessler Personal_AI_Infrastructure up to version 2.3.0, targeting an unknown function in Skills/Parser/Tools/parse_url.ts. The vulnerability allows remote OS command injection via manipulation of that function. The exploit has been publicly disclosed, and a ...

CVSS 6.5 | AI score 6.3 | EPSS 0.0111
Exploits: 0 | References: 7