Lucene search
K
CvelistRecent

363469 matches found

Cvelist
Cvelist
added 2026/06/28 12:45 p.m.30 views

CVE-2026-13497 itsourcecode Hospital Management System appointment.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 12:30 p.m.31 views

CVE-2026-13496 itsourcecode Hospital Management System ajaxmedicine.php sql injection

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 12:15 p.m.31 views

CVE-2026-13495 itsourcecode Hospital Management System adminprofile.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

5.8CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 12:0 p.m.32 views

CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

3.1CVSS0.00232EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 11:15 a.m.29 views

CVE-2026-13491 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/28 11:0 a.m.34 views

CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS0.00309EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/28 10:45 a.m.31 views

CVE-2026-13489 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 10:30 a.m.33 views

CVE-2026-13488 SourceCodester Class and Exam Timetabling System preview7.php sql injection

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 10:15 a.m.35 views

CVE-2026-13487 SourceCodester Class and Exam Timetabling System archive.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 9:45 a.m.34 views

CVE-2026-13486 SourceCodester Class and Exam Timetabling System preview6.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 9:15 a.m.34 views

CVE-2026-13485 SourceCodester Class and Exam Timetabling System preview.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 8:30 a.m.37 views

CVE-2026-13484 MLflow Experiment-scoped Label Schema CRUD API authorization

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...

5CVSS0.00263EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/28 5:45 a.m.32 views

CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 4:30 a.m.33 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 4:28 a.m.35 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 4:4 a.m.32 views

CVE-2026-10646 Use-after-return in `zsock_getaddrinfo()` when a timed-out DNS query is retried without cancellation

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 4:2 a.m.35 views

CVE-2026-10644 Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58058 Nmap - Integer Underflow in IPv6 Extension Header Parsing

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS0.00278EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.44 views

CVE-2026-58057 Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.0024EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.31 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.34 views

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.34 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.35 views

CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.32 views

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS0.0028EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.32 views

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3CVSS0.00333EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.32 views

CVE-2026-58049 FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()

FFmpeg's RASC video decoder decodedlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXTLINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

8.8CVSS0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/27 11:28 p.m.27 views

CVE-2026-8095 Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

8.1CVSS0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/27 10:59 p.m.26 views

CVE-2026-10643 Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

8.7CVSS0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 9:25 a.m.36 views

CVE-2026-49416 Integer overflow in vt(4) CONS_HISTORY ioctl

The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 9:22 a.m.35 views

CVE-2026-49414 ASLR bypass for setuid executables via procctl(2)

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user ca...

0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 9:8 a.m.34 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/27 9:2 a.m.42 views

CVE-2026-49412 Use-after-free bug in the IPV6_MSFILTER socket option handler

The kernel handler for IPV6MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged...

0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 8:59 a.m.39 views

CVE-2026-45259 sigqueue(2) missing capability mode restriction

sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kernsigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue2 to send signa...

0.00092EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 8:50 a.m.32 views

CVE-2026-45258 Multiple vulnerabilities in the sound(4) mmap path

dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...

0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 8:48 a.m.37 views

CVE-2026-49417 Multiple vulnerabilities in the sound(4) mmap path

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...

0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.35 views

CVE-2026-12432 Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. The handler is registered through both wpajax and wpajaxnopriv hooks and the underlying updatefailedpaymentstatus function...

5.3CVSS0.00323EPSS
Exploits2References10
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.32 views

CVE-2026-12399 Gutenverse <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fonts[].font.font.value' Parameter

The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00246EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.39 views

CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.36 views

CVE-2026-13295 Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.35 views

CVE-2026-11597 Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.35 views

CVE-2026-12471 Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.35 views

CVE-2026-11773 Masteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.0015EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.32 views

CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.39 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.33 views

CVE-2026-11783 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.30 views

CVE-2026-11364 Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS0.00213EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.38 views

CVE-2026-11987 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/27 6:0 a.m.40 views

CVE-2026-9677 Shariff for WordPress <= 1.0.11 - Admin+ Stored Cross-Site Scripting

The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 6:0 a.m.39 views

CVE-2026-10820 ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

0.00222EPSS
Exploits0References1
Total number of security vulnerabilities363469