Lucene search
K
CvelistRecent

363608 matches found

Cvelist
Cvelist
•added 2026/06/25 1:53 p.m.•29 views

CVE-2026-13314 Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:49 p.m.•29 views

CVE-2026-6432 Improper bounds validation in EmberZNet SDK

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS0.00308EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:48 p.m.•36 views

CVE-2026-46735

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

7.8CVSS0.00693EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:47 p.m.•30 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS0.00339EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:47 p.m.•33 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:43 p.m.•31 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.3CVSS0.00064EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:43 p.m.•31 views

CVE-2026-47154 Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:42 p.m.•33 views

CVE-2026-47153 Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:41 p.m.•33 views

CVE-2026-47152 Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:40 p.m.•30 views

CVE-2026-47151 Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:39 p.m.•30 views

CVE-2026-47150 IAS Zone enroll invalid table index and write in EmberZNet 9.0.2

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:38 p.m.•31 views

CVE-2026-47149 Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:37 p.m.•32 views

CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:36 p.m.•34 views

CVE-2026-46732

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.7CVSS0.00075EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:36 p.m.•31 views

CVE-2026-47147 OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS0.00231EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:35 p.m.•32 views

CVE-2026-47146 Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:34 p.m.•29 views

CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:34 p.m.•36 views

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:34 p.m.•35 views

CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/06/25 1:32 p.m.•31 views

CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:28 p.m.•34 views

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

9.8CVSS0.00255EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:27 p.m.•32 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS0.00159EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/25 1:26 p.m.•32 views

CVE-2026-54848 WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS0.00182EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:25 p.m.•31 views

CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:23 p.m.•34 views

CVE-2026-49506

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS0.00548EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:17 p.m.•30 views

CVE-2026-46733

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS0.00101EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:17 p.m.•31 views

CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:16 p.m.•29 views

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:16 p.m.•43 views

CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•27 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

0.00216EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•29 views

CVE-2026-57429 WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

6.5CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•31 views

CVE-2026-56071 WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•32 views

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS0.0045EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•31 views

CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•30 views

CVE-2026-56051 WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•31 views

CVE-2026-56049 WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS0.00351EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•27 views

CVE-2026-56023 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-56014 WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•27 views

CVE-2026-56006 WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•27 views

CVE-2026-56013 WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•30 views

CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•29 views

CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-54844 WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-54843 WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in MDTF = 1.3.7 versions...

9.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•28 views

CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•29 views

CVE-2026-54830 WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/25 1:12 p.m.•27 views

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Total number of security vulnerabilities363608