Lucene search
K

761 matches found

CVE
CVE
added 4 days ago5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 6:30 a.m.37 views

CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
OSV
OSV
added 2026/07/05 5:19 a.m.8 views

ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root

Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00183EPSS
Exploits0
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.14 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
CVE
CVE
added 2026/07/01 4:32 a.m.24 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39747

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57628

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:53 p.m.4 views

EUVD-2026-39744

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9CVSS0.00328EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.5 views

WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...

7.6CVSS5.8AI score0.00279EPSS
Exploits0Affected Software1
Circl
Circl
added 2026/06/24 4:7 p.m.6 views

CVE-2021-25149

creationtimestamp| type| source ---|---|--- 2026-06-24 16:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp2ccmccga2q...

9.8CVSS5.8AI score0.01634EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 6:32 p.m.24 views

CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00324EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 6:17 a.m.5 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143

Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...

6.5CVSS6.8AI score0.00159EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

5.4CVSS5.2AI score0.0017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
Rows per page
Query Builder