Lucene search
K

363386 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS0.00789EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS0.0011EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-12168

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS0.0013EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

5.5CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-4767

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

9.8CVSS0.00333EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
NVD
NVD
added 4 days ago8 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-4770

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-4772

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57761

Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57765

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57763

Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-57754

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57757

Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...

7.1CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57755

Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57730

Subscriber Broken Access Control in Flatsome = 3.20.5 versions...

4.3CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57746

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57749

Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57747

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57751

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57731

Contributor Broken Access Control in Flatsome = 3.20.5 versions...

6.5CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-57748

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS0.00284EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57750

Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...

5.3CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57683

Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...

9.3CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57684

Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...

6.5CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57687

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57685

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57686

Unauthenticated Cross Site Scripting XSS in WowAddons = 1.6.14 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57689

Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...

4.3CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57688

Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...

8.2CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57690

Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...

4.3CVSS0.00104EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57677

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...

9.8CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57674

Unauthenticated Cross Site Scripting XSS in Timetics = 1.0.58 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57678

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16...

7.1CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57675

Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57680

Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...

6.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-57681

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-57679

Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...

9.3CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57682

Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-57623

Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...

9CVSS0.00332EPSS
Exploits0References1
Total number of security vulnerabilities363386