364911 matches found
CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
CVE-2026-22339 WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...
CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2026-22331 WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...
CVE-2026-22330 WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-22329 WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...
CVE-2026-22328 WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...
CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
CVE-2026-22326 WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...
CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2025-69179 WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...
CVE-2025-69173 WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...
CVE-2025-69172 WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
CVE-2025-69171 WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
CVE-2025-69161 WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Snowy = 1.13 versions...
CVE-2025-69148 WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Quirky = 1.23 versions...
CVE-2025-69145 WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Gat = 1.16 versions...
CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69117 WordPress Ingenioso theme <= 1.14.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...
CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...
CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2025-59560 WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...
CVE-2025-58954 WordPress HomeRoofer theme <= 2.11.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...
CVE-2025-58953 WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...
CVE-2025-58952 WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...
CVE-2025-49403 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress = 3.0.2 versions...
CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
CVE-2024-49269 WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-42357 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-40722 WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...
CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...
CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...
CVE-2026-27868 PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...
CVE-2026-0063
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28587
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...