Lucene search
+L

113627 matches found

EUVD
EUVD
added 2026/07/12 8:15 a.m.9 views

EUVD-2026-43208

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub42026C of the file /goform/toolsddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched remotel...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
CVE
CVE
added 2026/07/11 1:1 p.m.15 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...

6.5CVSS6.1AI score0.00173EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.37 views

CVE-2026-15155 Essential Addons for Elementor <= 6.6.10 - Authenticated (Contributor+) Account Takeover via Email Header Injection

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in all versions up to, and including, 6.6.10 This is due to insufficient server-side validation of a Login/Register widget...

8.8CVSS0.00367EPSS
Exploits0References9
CVE
CVE
added 2026/07/11 5:35 a.m.16 views

CVE-2026-11591

CVE-2026-11591 affects the WordPress plugin Widgets for Google Reviews up to version 13.3. It is a Stored Cross‑Site Scripting (XSS) vulnerability triggered via admin settings, caused by insufficient input sanitization and output escaping in the parameters fomo-title and fomo-text . Exploitation ...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References10
CVE
CVE
added 2026/07/11 5:35 a.m.16 views

CVE-2026-12738

CVE-2026-12738 affects WP Easy Pay

4.3CVSS6.1AI score0.00213EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/11 3:44 a.m.36 views

CVE-2026-15335 Booking Package <= 1.7.20 - Unauthenticated SQL Injection via 'email' Form Parameter

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00481EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/11 3:44 a.m.7 views

EUVD-2026-43143

The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter form in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References10
CVE
CVE
added 2026/07/11 2:31 a.m.14 views

CVE-2026-15073

KiviCare – Clinic & Patient Management System (WordPress)

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/11 2:31 a.m.30 views

CVE-2026-5743 Mixed Media Gallery Blocks <= 3.3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via sliderMaxHeight Block Attribute

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/11 1:29 a.m.2 views

CVE-2026-13756

The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the update handler for the /wp-json/wpgb/v2/metadata REST endpoint. This makes it possible for authenticated...

8.8CVSS6.1AI score0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/11 12:31 a.m.9 views

EUVD-2026-43073

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

6.1AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43084

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43049

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...

6.1AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/11 12:0 a.m.9 views

PT-2026-57443

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 ImageMagick versions prior to 6.9.13-51 Description ImageMagick fails to verify the allowed memory allocation limit during matrix-backed operations, such as the -canny operation. A remote attacker can...

6.5CVSS6.1AI score0.00173EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/07/11 12:0 a.m.9 views

PT-2026-57393

Name of the Vulnerable Software and Affected Versions Booking Package versions prior to 1.7.21 Description Insufficient escaping of user-supplied parameters and lack of preparation in SQL queries allow unauthenticated attackers to perform SQL Injection. This occurs via the email parameter in the...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References14
NVD
NVD
added 2026/07/10 10:16 p.m.10 views

CVE-2026-58591

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

5.4CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 10:16 p.m.10 views

CVE-2026-58587

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 10:16 p.m.9 views

CVE-2026-55882

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...

8.3CVSS0.00384EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 10:16 p.m.9 views

CVE-2026-15081

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

7.4CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 10:16 p.m.7 views

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS0.00161EPSS
Exploits0References1
Rows per page
Query Builder