Lucene search
+L

306738 matches found

RedhatCVE
RedhatCVE
added 35 minutes ago0 views

CVE-2026-50144

A flaw was found in ncnn, a high-performance neural network inference framework. A remote attacker could craft a malicious model file that, when processed by a user, triggers an out-of-bounds heap write. This vulnerability in the ncnn::ParamDict::loadparam function is caused by insufficient...

7.1CVSS0.00018EPSS
Exploits0References2
NVD
NVD
added 1 hour ago3 views

CVE-2026-12978

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

Exploits0References1
NVD
NVD
added 1 hour ago4 views

CVE-2026-12395

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44855

The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...

4.3CVSS6.1AI score
Exploits0References11
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44863

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS6.2AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44866

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score
Exploits0References8
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44867

The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

4.9CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44864

The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44857

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

7.5CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44860

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 hours ago1 views

CVE-2026-12978

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

Exploits0References1
CVE
CVE
added 2 hours ago5 views

CVE-2026-12978

The FunnelKit WordPress plugin is vulnerable before version 3.15.0.6 to a Reflected XSS in a page-builder AJAX action when Divi builder is active. The issue arises from insufficient escaping of a user-supplied parameter reflected into the HTML response, enabling unauthenticated attackers to targe...

6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-12978 FunnelKit < 3.15.0.6 - Reflected XSS via Divi Optin Form

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44881

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago4 views

CVE-2026-12395

Affected software: WP Job Portal WordPress plugin (vulnerable before 2.5.5). Vulnerability: Improper sanitization/escaping of a parameter used in a SQL query, enabling SQL injection. Impact/requirements: Authenticated users with a subscriber-level (self-registerable) account can exploit this vuln...

6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 hours ago1 views

CVE-2026-12395

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44872

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

6.1AI score
Exploits0References1
NVD
NVD
added 3 hours ago3 views

CVE-2026-15306

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS
Exploits0References6
NVD
NVD
added 3 hours ago5 views

CVE-2026-15458

The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

4.9CVSS
Exploits0References5
Rows per page
Query Builder