Lucene search
K

7978 matches found

NVD
NVD
added 12 hours ago4 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS
Exploits0References1
NVD
NVD
added 12 hours ago4 views

CVE-2026-57702

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.4.2...

9.3CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago8 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS
Exploits0References1
CVE
CVE
added 14 hours ago8 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added 14 hours ago13 views

CVE-2026-57772

CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...

8.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
CVE
CVE
added yesterday13 views

CVE-2026-15496

SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...

6.5CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
added yesterday33 views

CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
NVD
NVD
added 3 days ago7 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
CVE
CVE
added 3 days ago6 views

CVE-2026-59193

Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3Affected Software1
NVD
NVD
added 3 days ago7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42937

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42809

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-9028

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS6AI score0.00288EPSS
Exploits0References9
NVD
NVD
added 4 days ago8 views

CVE-2026-6910

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS0.00212EPSS
Exploits0References6
Rows per page
Query Builder