Lucene search
K

185 matches found

Patchstack
Patchstack
added 2026/06/25 8:40 a.m.6 views

WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...

6.5CVSS5.8AI score0.0027EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52439

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 3:46 p.m.11 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword process. An attacker can gain unauthorized access to any user account,...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/19 10:51 a.m.11 views

WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Presto Player versions = 4.1.3...

4.3CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

Helm 路径遍历漏洞

Helm is a Kubernetes package manager offered by the CNCF foundation. Versions of Helm prior to 4.1.3 have a path traversal vulnerability. This vulnerability arises because custom Helm plugins may write their content to any position in the file system...

8.6CVSS5.8AI score0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-24993 WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: fro...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-24993 WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: fro...

9.3CVSS0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27878

Name of the Vulnerable Software and Affected Versions WPFactory Advanced WooCommerce Product Sales Reporting versions through 4.1.3 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/18 11:6 a.m.3 views

WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Que Thanh Tuan in WordPress Plugin Advanced WooCommerce Product Sales Reporting versions = 4.1.3...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/05 6:16 a.m.7 views

CVE-2026-27984

Improper Control of Generation of Code 'Code Injection' vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through = 4.1.3...

9CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.14 views

CVE-2026-27984

CVE-2026-27984 is a code injection (RCE) vulnerability in the Widget Options: Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin (Widget Options) affecting versions up to 4.1.3. The issue stems from improper control of code generation, enabling remote code execution. Th...

9CVSS6AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.15 views

WordPress plugin Widget Options 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9CVSS5.9AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23274

Improper Control of Generation of Code 'Code Injection' vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through = 4.1.3...

6AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 10:5 p.m.10 views

CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

8.7CVSS5.8AI score0.00533EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.8 views

Open OnDemand 注入漏洞

Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.9 and 4.1.3 contained a vulnerability due to improper handling of malicious inputs by the Files...

9.8CVSS5.8AI score0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.10 views

PT-2026-23070

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

8.7CVSS5.8AI score0.00533EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.7 views

CVE-2023-45903

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/label/delete...

8.8CVSS7.5AI score0.00324EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WordPress plugin WordPress plugin Kerge 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plug...

5.4CVSS6.9AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-8823

Malware in sbrugna...

8.8CVSS8.8AI score0.01138EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26940

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder