Lucene search
K

1103494 matches found

Cvelist
Cvelist
added 1 hour ago1 views

CVE-2026-13128 Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS
Exploits0References1
CVE
CVE
added 1 hour ago5 views

CVE-2026-13128 Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 1 hour ago1 views

CVE-2026-13128

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS
Exploits0References2Affected Software2
NVD
NVD
added 1 hour ago4 views

CVE-2026-12378

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

Exploits0References1
NVD
NVD
added 1 hour ago3 views

CVE-2026-9695

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42166

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege...

8.5CVSS6.5AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42171

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-9731

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS
Exploits0References5
NVD
NVD
added 2 hours ago3 views

CVE-2026-9700

The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-14495

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS
Exploits0References5
NVD
NVD
added 2 hours ago3 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS
Exploits0References2
NVD
NVD
added 2 hours ago3 views

CVE-2026-12097

The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's...

5.3CVSS
Exploits0References5
NVD
NVD
added 2 hours ago4 views

CVE-2026-14489

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...

8.8CVSS
Exploits0References6
NVD
NVD
added 2 hours ago4 views

CVE-2026-12153

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...

9.8CVSS
Exploits0References5
NVD
NVD
added 2 hours ago4 views

CVE-2026-14500

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2026-57895

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege...

8.5CVSS
Exploits0References2
NVD
NVD
added 2 hours ago3 views

CVE-2026-12041

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-11798

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-10570

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS
Exploits0References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-12378

CVE-2026-12378 affects BookingPress-related WordPress plugins (Appointment Booking Calendar Plugin and Scheduling Plugin) up to version 1.1.28. The issue arises because user input is not validated before passing to a PHP deserialization function, enabling unauthenticated attackers to inject arbit...

6.2AI score
Exploits0References1
Rows per page
Query Builder