Lucene search
K

418668 matches found

EUVD
EUVD
•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36928

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36936

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36934

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS5.2AI score0.00382EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36951

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36956

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36946

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36955

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36943

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36953

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36952

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36949

Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36950

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS5.7AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36940

Author PHP Object Injection in Modula Image Gallery = 2.14.18 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36926

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2025-210161

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36923

Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36909

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36918

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

7.5CVSS5.2AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36917

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2025-210162

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36912

Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...

5.3CVSS5.1AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2025-210160

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36911

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

7.5CVSS5.2AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2025-210163

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

6.5CVSS5.1AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36916

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS5.2AI score0.00393EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36924

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36921

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36913

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36920

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS5.1AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36910

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36919

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

6.5CVSS5.1AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36915

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS5.2AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36925

Unauthenticated Cross Site Scripting XSS in CformsII = 15.1.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2025-210159

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36922

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36914

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

7.5CVSS5.2AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2025-210158

Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...

4.4CVSS5.2AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36801

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS5.5AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36790

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36788

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.6AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2025-210157

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36789

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

5.2AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36800

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS5.5AI score0.00107EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•13 views

EUVD-2026-36798

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS5.4AI score0.00301EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•13 views

EUVD-2026-36799

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.1AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36803

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.2AI score0.0053EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•18 views

EUVD-2026-36804

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.4AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36805

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.3AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36802

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

5.7AI score0.00374EPSS
Exploits0References2
Total number of security vulnerabilities418668