Lucene search
K

418139 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37558

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3CVSS5.3AI score0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210258

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37640

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.5 views

EUVD-2026-37636

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37643

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37629

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS5.3AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37644

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.15 views

EUVD-2026-37642

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00588EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37634

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37637

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS5.2AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37557

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37631

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37627

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS5.2AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37625

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37641

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS5.2AI score0.00389EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37553

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS7.6AI score0.01786EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37556

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.3AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37632

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37626

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS5.2AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37521

sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...

5.8CVSS5.3AI score0.00211EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37639

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37509

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

9.8CVSS5.4AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37630

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37635

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS5.2AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37628

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS5.4AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37633

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37613

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37615

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud = 7.2.6 versions...

6.5CVSS5.2AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37620

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...

8.2CVSS5.2AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37617

Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...

9.8CVSS5.3AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37621

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37616

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.9.1 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37494

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

7.1CVSS5.2AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37614

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS5.2AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37497

Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...

8.5CVSS5.3AI score0.00371EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37619

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

9.3CVSS5.7AI score0.00346EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37501

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

8.5CVSS5.6AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37611

Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37622

Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...

9.8CVSS5.4AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37610

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

6.5CVSS5.1AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37496

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

9.3CVSS5.8AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37520

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.4AI score0.00626EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37513

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37495

Unauthenticated Broken Access Control in JobSearch = 3.2.7 versions...

7.5CVSS5.2AI score0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37514

Rocket.Chat versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rcroomtype=l with rcrid+rctoken, but the authorization path does not verify...

9.3CVSS8.3AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS5.4AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37624

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37618

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References2
Total number of security vulnerabilities418139