3735 matches found

CVE | added yesterday | 7 views

CVE-2026-57624

CVE-2026-57624: Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions

CVSS: 10 | AI score: 5.9
In wild | Exploits: 0 | References: 1

CVE | added last week | 21 views

CVE-2026-56011

CVE-2026-56011 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin mapPress Maps for WordPress, affected versions are ≤ 2.97.3. The vulnerability is documented across multiple sources (NVD, CVE databases, and PatchStack) with consistent impact: XSS that c...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00244
In wild | Exploits: 0 | References: 1

CVE | added 2026/06/24 8:33 p.m. | 13 views

CVE-2026-52813

Gogs prior to 0.14.3 is vulnerable: organization names containing path traversal sequences (../) cause repositories to be written to arbitrary filesystem locations. By creating nested Git repo structures, an attacker can overwrite a repository’s hooks (notably hooks/update) and trigger Remote Cod...

CVSS: 10 | AI score: 6.1 | EPSS: 0.01107
In wild | Exploits: 0 | References: 4

CVE | added 2026/06/24 6:0 a.m. | 73 views

CVE-2026-10735

CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00387
In wild | Exploits: 1 | References: 1

CVE | added 2026/06/23 4:28 p.m. | 49 views

CVE-2026-55255

Langflow4: CVE-2026-55255 describes an IDOR in POST /api/v1/responses that lets an authenticated user execute another user’s flow by supplying the victim’s flow ID. Root cause: get_flow_by_id_or_endpoint_name queries by UUID without verifying ownership in both UUID and endpoint_name paths, enabli...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.00233
In wild | Exploits: 2 | References: 2 | Affected Software: 1

CVE | added 2026/06/23 2:20 p.m. | 62 views

CVE-2026-28496

CVE-2026-28496 (FOSSBilling) affects versions prior to 0.8.0, where a Server-Side Template Injection (SSTI) in Twig template rendering allows an attacker with access to template-rendering features (email templates, mass mail campaigns, custom payment adapters, string_render API) to inject arbitra...

CVSS: 9.4 | AI score: 6.4 | EPSS: 0.01892
In wild | Exploits: 1 | References: 3

CVE | added 2026/06/19 5:33 a.m. | 42 views

CVE-2026-7515

CVE-2026-7515 affects the BetterDocs Pro WordPress plugin (

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00886
In wild | Exploits: 2 | References: 3

CVE | added 2026/06/18 12:11 a.m. | 488 views

CVE-2026-12569

This CVE affects PTC Windchill PDMlink and PTC FlexPLM (and CPS) with a critical remote code execution via deserialization of untrusted data. Affected versions are Windchill PDMlink and FlexPLM prior to 11.0 M030 (per multiple sources), with remediation to 11.0 M030 or later. The issue is exploit...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.01106
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CVE | added 2026/06/15 4:21 p.m. | 173 views

CVE-2026-20262

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) exposes an Arbitrary File Write vulnerability in its web UI. An authenticated, lower-privileged user can craft requests to a file-upload API endpoint to create/overwrite files on the OS, with potential for root escalation. Cisco has released...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.07683
In wild | Exploits: 2 | References: 2 | Affected Software: 1

CVE | added 2026/06/15 12:58 p.m. | 24 views

CVE-2026-48969

CVE-2026-48969 describes a Broken Access Control vulnerability in the WordPress plugin Really Simple SSL prior to or equal to version 9.5.9. The initial description and connected records confirm the affected product and version range; the CVSS metrics indicate a Network attack vector with Low pr...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00223
In wild | Exploits: 0 | References: 1

CVE | added 2026/06/14 3:23 a.m. | 253 views

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

CVSS: 8.5 | AI score: 5.3 | EPSS: 0.01261
In wild | Exploits: 3 | References: 3 | Affected Software: 2

CVE | added 2026/06/12 5:7 p.m. | 194 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558): SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

CVSS: 10 | AI score: 5.5 | EPSS: 0.0116
In wild | Exploits: 1 | References: 5 | Affected Software: 1

CVE | added 2026/06/11 9:7 p.m. | 24 views

CVE-2026-42653

The CVE-2026-42653 vulnerability affects the WordPress SliceWP plugin (

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.00142
In wild | Exploits: 0 | References: 1

CVE | added 2026/06/11 9:5 p.m. | 28 views

CVE-2026-39494

The CVE-2026-39494 entry concerns WordPress Product Filter by WBW plugin

CVSS: 9.3 | AI score: 5.6 | EPSS: 0.0039
In wild | Exploits: 0 | References: 1

CVE | added 2026/06/11 9:4 p.m. | 59 views

CVE-2026-42647

CVE-2026-42647 affects the WordPress plugin JoomSport

CVSS: 9.3 | AI score: 5.6 | EPSS: 0.01323
In wild | Exploits: 1 | References: 1

CVE | added 2026/06/11 9:2 p.m. | 56 views

CVE-2026-49060

The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00514
In wild | Exploits: 1 | References: 1

CVE | added 2026/06/11 5:34 a.m. | 291 views

CVE-2026-10795

UpdraftPlus (WordPress plugin)

CVSS: 8.1 | AI score: 6.1 | EPSS: 0.03578
In wild | Exploits: 3 | References: 4

CVE | added 2026/06/11 2:25 a.m. | 1208 views

CVE-2026-35273

CVE-2026-35273 is a remote, unauthenticated RCE in Oracle PeopleSoft Enterprise PeopleTools Updates Environment Management (PSEMHUB) affecting PeopleTools 8.61 and 8.62. Vendor advisories describe the flaw as a high-severity, network-exposed vulnerability with CVSS v3.1 score 9.8. Exploitation ha...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.9233
In wild | Exploits: 3 | References: 2 | Affected Software: 1

CVE | added 2026/06/10 5:16 p.m. | 302 views

CVE-2026-20253

Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.88171
In wild | Exploits: 5 | References: 3 | Affected Software: 1

CVE | added 2026/06/10 1:5 p.m. | 207 views

CVE-2026-53435

CVE-2026-53435 affects Jenkins 2.567 and earlier, including LTS 2.555.2 and earlier. The root cause is unsafe deserialization due to a deserialization sink that bypasses a ClassFilter, allowing an attacker who can POST a config.xml to deserialize arbitrary core/plugin types and reach them via HTT...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.14907
In wild | Exploits: 2 | References: 4 | Affected Software: 1