Lucene search
K

938 matches found

Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/03 10:19 a.m.8 views

EUVD-2026-41530

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Mozilla Thunderbird < 152.0.1

The version of Thunderbird installed on the remote Windows host is prior to 152.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-63 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/28 6:37 p.m.11 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

8.7CVSS5.8AI score0.00505EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56045

The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.21 views

CVE-2025-68064

CVE-2025-68064 concerns a Local File Inclusion vulnerability in the WordPress Goya Core plugin, versions earlier than 1.0.9.4. The issue arises from a faulty file path handling in the plugin, enabling an attacker to access sensitive files. The CVSS 3.1 vector indicates remote access with high imp...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:0 a.m.36 views

CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.39 views

CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2026/06/24 1:46 a.m.6 views

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.6 views

CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.10 views

CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS5.8AI score0.00126EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.8 views

CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.4 views

CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.8 views

CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2025-210212

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.15 views

EUVD-2025-210211

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

6.8CVSS5.3AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 5:7 p.m.16 views

CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.29 views

CVE-2026-41557 WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Kapee 1.7.1 versions...

7.1CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.11 views

CVE-2026-22338

CVE-2026-22338 : WordPress EcoBlue theme

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50501

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...

4.3CVSS5.9AI score0.00217EPSS
Exploits0References6
Rows per page
Query Builder