Lucene search
K
VulnrichmentRecent

162689 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.6 views

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS5.1AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69144 WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.9 views

CVE-2025-69130 WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS5.4AI score0.00482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69127 WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.4AI score0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.9 views

CVE-2025-69126 WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69120 WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69123 WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.11 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-69111 WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.8 views

CVE-2025-69106 WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.5 views

CVE-2025-68524 WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.12 views

CVE-2025-59554 WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS5.8AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS5.2AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:47 p.m.7 views

CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

7.7CVSS5.2AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:32 p.m.6 views

CVE-2025-59872 HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

4.3CVSS6AI score0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:18 p.m.8 views

CVE-2026-11975 Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS5.3AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 12:17 p.m.8 views

CVE-2025-62340 HCL iControl was affected by Inadequate Session Timeout vulnerability

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

3.1CVSS5.2AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:13 p.m.11 views

CVE-2024-37496 WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulnerability

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

4.3CVSS5.2AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:11 p.m.7 views

CVE-2024-37210 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

6.5CVSS5.2AI score0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 12:3 p.m.7 views

CVE-2024-35648 WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...

4.3CVSS5.2AI score0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:57 a.m.5 views

CVE-2024-32949 WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

8.3CVSS5.2AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:53 a.m.8 views

CVE-2024-32729 WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8...

7.5CVSS5.2AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:50 a.m.7 views

CVE-2026-11858 Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS5.5AI score0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:42 a.m.6 views

CVE-2024-24709 WordPress Shareaholic plugin <= 9.7.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...

4.3CVSS5.3AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:42 a.m.7 views

CVE-2026-11857 Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...

8.4CVSS6.2AI score0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:39 a.m.7 views

CVE-2025-31013 WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS8.3AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:34 a.m.7 views

CVE-2024-33685 WordPress Startupzy theme <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...

4.3CVSS5.2AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:11 a.m.7 views

CVE-2026-10839 Open redirection vulnerability in Password Manager

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS5.3AI score0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:11 a.m.6 views

CVE-2026-10837 Open redirection vulnerability in Password Manager

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...

5.1CVSS5.3AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:10 a.m.8 views

CVE-2026-10836 Improper neutralization of HTTP headers in Password Manager

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS5.9AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 10:53 a.m.9 views

CVE-2026-5667 Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 10:25 a.m.6 views

CVE-2024-34810 WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3CVSS5.1AI score0.00117EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 10:7 a.m.6 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-54811 WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS5.7AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.6 views

CVE-2026-54807 WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-54805 WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS5.2AI score0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.6 views

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.6 views

CVE-2026-54196 WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS5.2AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-54192 WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS5.2AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.8 views

CVE-2026-54189 WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.11 views

CVE-2026-54186 WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS5.8AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.9 views

CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS5.3AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.10 views

CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS5.4AI score0.00466EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-52698 WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS5.2AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.8 views

CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.8 views

CVE-2026-49084 WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.7 views

CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...

8.2CVSS5.2AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 a.m.8 views

CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

9.3CVSS5.7AI score0.00346EPSS
Exploits1References1
Total number of security vulnerabilities162689