Lucene search
K
VulnrichmentRecent

162171 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.5 views

CVE-2025-69161 WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2025-69148 WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Quirky = 1.23 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Genemy = 1.6.6 versions...

8.8CVSS5.1AI score0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-69145 WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gat = 1.16 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.10 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS5.2AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-69117 WordPress Ingenioso theme <= 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.9 views

CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.8 views

CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS5.2AI score0.00447EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS5.2AI score0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2025-59560 WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-58953 WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.6 views

CVE-2025-58952 WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 a.m.7 views

CVE-2024-49269 WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.2AI score0.00241EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:30 a.m.7 views

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

8.8CVSS5.3AI score0.00408EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/17 9:30 a.m.9 views

CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6.1AI score0.00535EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/17 9:0 a.m.8 views

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.4AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:57 a.m.7 views

CVE-2026-32967 Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.2AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:56 a.m.7 views

CVE-2026-42357 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.2AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:55 a.m.8 views

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:43 a.m.13 views

CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.2AI score0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:40 a.m.7 views

CVE-2026-40722 WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS5.3AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:13 a.m.8 views

CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS5.4AI score0.00394EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 8:13 a.m.7 views

CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, registration action IS required who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the 'Hostname' field of the configuration...

4.8CVSS5.4AI score0.00293EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 8:13 a.m.7 views

CVE-2026-27868 PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...

6.9CVSS5.3AI score0.00394EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 7:24 a.m.7 views

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:21 a.m.7 views

CVE-2026-28587

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.4AI score0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:19 a.m.12 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.9AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:17 a.m.12 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:15 a.m.7 views

CVE-2026-0083

In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00121EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:13 a.m.11 views

CVE-2026-0082

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:13 a.m.6 views

CVE-2026-12199 Unauthenticated Denial of Service in nltk.app.wordnet_app

A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...

7.5CVSS7.4AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:12 a.m.6 views

CVE-2026-0081

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:9 a.m.9 views

CVE-2026-0071

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:2 a.m.8 views

CVE-2026-28575

In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...

10CVSS6AI score0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:57 a.m.7 views

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:49 a.m.8 views

CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 6:49 a.m.8 views

CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS5.5AI score0.00269EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/17 6:49 a.m.8 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:48 a.m.9 views

CVE-2026-10094 Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...

9.8CVSS5.4AI score0.0038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:0 a.m.10 views

CVE-2026-7850 WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.2AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:0 a.m.8 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.2AI score0.00424EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:0 a.m.9 views

CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

5.2AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:0 a.m.7 views

CVE-2026-9570 Taskbuilder < 5.0.8 - Reflected XSS via Shortcode

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

5.2AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:53 a.m.7 views

CVE-2026-0057

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00065EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:53 a.m.7 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.0008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:53 a.m.8 views

CVE-2025-48643

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:53 a.m.8 views

CVE-2025-48640

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.6AI score0.00094EPSS
Exploits0References1
Total number of security vulnerabilities162171