Lucene search
K
VulnrichmentRecent

161697 matches found

Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•8 views

CVE-2026-56010 WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•7 views

CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...

8.8CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2026-54847 WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters = 4.13 versions...

7.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2026-54846 WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54837 WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2026-54835 WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu = 2.5.2 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS5.8AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54832 WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54827 WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-54826 WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...

7.6CVSS5.8AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•9 views

CVE-2026-54825 WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•4 views

CVE-2026-54820 WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•4 views

CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-52701 WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2026-24547 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•7 views

CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•7 views

CVE-2025-68074 WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Image Carousel = 1.0.0.41 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•3 views

CVE-2025-68064 WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•4 views

CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2025-68052 WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Eagle Booking = 1.3.4.3 versions...

8.8CVSS5.8AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•6 views

CVE-2025-64637 WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in BookPro = 1.1.0 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•3 views

CVE-2025-64636 WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•4 views

CVE-2025-63078 WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•4 views

CVE-2025-63079 WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:52 p.m.•5 views

CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:50 p.m.•9 views

CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

5.8AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:44 p.m.•8 views

CVE-2026-4339 SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:43 p.m.•6 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS5.8AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:43 p.m.•5 views

CVE-2026-57527 ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()

Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

8.8CVSS6.4AI score0.00463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/26 2:43 p.m.•5 views

CVE-2026-45256 Missing permission check in thr_kill2(2)

When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.9AI score0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:42 p.m.•5 views

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 2:38 p.m.•5 views

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/26 1:47 p.m.•5 views

CVE-2026-13426 Client4 fails to validate path parameters

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 1:8 p.m.•6 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 1:1 p.m.•7 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7CVSS6.2AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•7 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•9 views

CVE-2026-57926

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack...

2.6CVSS5.8AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•7 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•7 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

5.3CVSS5.8AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•7 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:38 p.m.•8 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:31 p.m.•10 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS5.9AI score0.00954EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:20 p.m.•7 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS5.8AI score0.0022EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:16 p.m.•4 views

CVE-2025-64152 Apache IoTDB: Path Traversal Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

5.7AI score0.00382EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/26 12:15 p.m.•4 views

CVE-2025-55017 Apache IoTDB: Path Traversal Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

5.7AI score0.00382EPSS
Exploits0References1
Total number of security vulnerabilities161697