Lucene search
K

364188 matches found

NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48881

Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...

9.1CVSS0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•13 views

CVE-2026-48886

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48885

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48882

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-48880

Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...

6.5CVSS0.00205EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•9 views

CVE-2026-48876

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48871

Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48838

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS0.00237EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48870

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

6.5CVSS0.00205EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•10 views

CVE-2026-48868

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48867

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

7.1CVSS0.00175EPSS
Exploits1References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48874

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•10 views

CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•9 views

CVE-2026-48708

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...

7.5CVSS0.00401EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48709

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...

3.7CVSS0.00328EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-48836

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS0.00572EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-48835

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS0.00305EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-48518

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...

4.3CVSS0.00172EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS0.00144EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-47825

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•7 views

CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 9:17 p.m.•9 views

CVE-2026-45441

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•10 views

CVE-2026-45437

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:17 p.m.•8 views

CVE-2026-45439

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42775

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

6.5CVSS0.00222EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42664

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

8.2CVSS0.00254EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42666

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42688

Subscriber Cross Site Scripting XSS in Modula Image Gallery = 2.14.23 versions...

6.5CVSS0.00236EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42663

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42668

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...

7.5CVSS0.00427EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•9 views

CVE-2026-42667

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42687

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS0.00317EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42686

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

7.1CVSS0.00354EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•9 views

CVE-2026-42662

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

6.5CVSS0.00316EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42659

Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...

6.5CVSS0.00271EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42656

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

6.5CVSS0.00205EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42658

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42657

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

5.3CVSS0.00219EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42655

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

5.9CVSS0.00249EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•8 views

CVE-2026-42660

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

6.5CVSS0.00345EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42384

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42386

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

9.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•7 views

CVE-2026-42649

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42650

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

7.2CVSS0.00195EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-42651

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS0.00242EPSS
Exploits0References1
Total number of security vulnerabilities364188