Lucene search
K
CvelistRecent

363341 matches found

Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12577 DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability...

8.7CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-12576 DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12575 DVP80ES3 Improper Resource Shutdown or Release Vulnerability

DVP80ES3 with Improper Resource Shutdown or Release vulnerability...

7.5CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS0.01129EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11568 Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...

0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-11880 Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users...

0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...

0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11570 User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...

0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11883 WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11562 WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago40 views

CVE-2026-10750 Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2025-15666 Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...

5.3CVSS0.00123EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-1239 Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-14193 DVP80ES300T - Improper Validation of Array Index Vulnerability

DVP80ES300T with Improper Validation of Array Index Vulnerability...

7.5CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-12579 AS228T - Authentication Bypass Vulnerability

AS228T with Authentication Bypass Vulnerability...

7.4CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-11380 JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-6070 WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS0.00409EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11988 LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS0.00275EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12113 Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

4.3CVSS0.00228EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-2387 Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...

6.4CVSS0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-11981 GiveWP <= 4.15.3 - Cross-Site Request Forgery

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3CVSS0.00154EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-7517 Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58519 Stored XSS through Cargo's map format

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58518

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12135 FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoplayer' shortcode 'align' attribute in all versions up to, and including, 7.5.51.7212 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS0.00205EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-12923 Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS0.00319EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-12090 Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12902 Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13015 WP Google Review Slider <= 18.1 - Reflected Cross-Site Scripting via 'place' Parameter

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...

6.1CVSS0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-12110 Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00328EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-9107 Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13468 Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00367EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13443 Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12904 Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter

The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...

4.3CVSS0.00293EPSS
Exploits0References20
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13731 WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12133 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13246 GiveWP <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'block_id' Shortcode Attribute

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...

6.4CVSS0.00241EPSS
Exploits0References12
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8CVSS0.01203EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-7838 UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

8.8CVSS0.01152EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-7831 UltraVNC viewer off-by-one stack overflow in ServerInit desktop name parsing

UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer dn2024 and calls ReadStringdn, 2024. ReadString...

7.6CVSS0.00416EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS0.00504EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-7828 UltraVNC repeater integer overflow in win_log malloc leading to heap overflow

UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via mallocsizeofstruct LIST + strlenline, where line is derived from HTTP request URIs. If strlenline is sufficiently large,...

5.3CVSS0.00839EPSS
Exploits0References2
Total number of security vulnerabilities363341