Lucene search
K
CvelistRecent

363520 matches found

Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9CVSS0.00328EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

9.8CVSS0.0036EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2026-56025 WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•29 views

CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-56011 WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS0.00244EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-56010 WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...

8.8CVSS0.00378EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...

8.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-54847 WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters = 4.13 versions...

7.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54846 WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54835 WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu = 2.5.2 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2026-54837 WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2026-54827 WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•33 views

CVE-2026-54826 WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...

7.6CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2026-54825 WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•34 views

CVE-2026-54820 WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•33 views

CVE-2026-52701 WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS0.00194EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•35 views

CVE-2026-24547 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-68074 WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Image Carousel = 1.0.0.41 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-68064 WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...

7.5CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•35 views

CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...

7.5CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-68052 WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Eagle Booking = 1.3.4.3 versions...

8.8CVSS0.00143EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-64637 WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•34 views

CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•30 views

CVE-2025-64636 WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...

5.3CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•31 views

CVE-2025-63079 WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•32 views

CVE-2025-63078 WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:52 p.m.•37 views

CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:50 p.m.•33 views

CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

0.00154EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:44 p.m.•31 views

CVE-2026-4339 SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:43 p.m.•31 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:43 p.m.•30 views

CVE-2026-57527 ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()

Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

8.8CVSS0.00463EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/26 2:43 p.m.•32 views

CVE-2026-45256 Missing permission check in thr_kill2(2)

When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

0.00092EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:42 p.m.•30 views

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS0.00194EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 2:38 p.m.•33 views

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8CVSS0.00371EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/26 1:47 p.m.•37 views

CVE-2026-13426 Client4 fails to validate path parameters

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 1:8 p.m.•35 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 1:1 p.m.•36 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 12:38 p.m.•35 views

CVE-2026-57926

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack...

2.6CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 12:38 p.m.•37 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 12:38 p.m.•36 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 12:38 p.m.•35 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

5.3CVSS0.00159EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/26 12:38 p.m.•35 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS0.00143EPSS
Exploits0References1
Total number of security vulnerabilities363520