368557 matches found

CVE
added 2 days ago, 11 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

CVSS 6.4, AI score 5.9, EPSS 0.00206
Exploits: 0, References: 5

CVE
added 2 days ago, 15 views

CVE-2026-12920

The vulnerability affects the WordPress plugin GDPR Cookie Consent (WPLP Cookie Consent) for all versions up to and including 4.3.5. It is a generic SQL Injection via the 's' parameter caused by insufficient escaping and lack of proper SQL query preparation. Validated impact: authenticated attack...

CVSS 4.9, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 6

CVE
added 2 days ago, 11 views

CVE-2026-12734

The weDocs WordPress plugin (Authenticated access level: Contributor+) is vulnerable to Stored XSS via the connectorWidth Block Attribute in all versions up to and including 2.3.0. The root cause is insufficient input sanitization and output escaping. Impact: injected scripts can execute when use...

CVSS 6.4, AI score 5.9, EPSS 0.00206
Exploits: 0, References: 4

CVE
added 2 days ago, 11 views

CVE-2026-12729

The CVE concerns the weDocs: AI Powered Knowledge Base WordPress plugin up to version 2.3.0, where the do_migration() function is exposed via the wedocs_migrate_betterdocs_to_wedocs AJAX action without nonce verification (check_ajax_referer) and without a current_user_can capability check. This a...

CVSS 4.3, AI score 5.6, EPSS 0.00213
Exploits: 0, References: 6

CVE
added 2 days ago, 7 views

CVE-2026-54919

Technical details for CVE-2026-54919 are not publicly available in the provided documents. Monitor for updates on this reserved candidate.

Exploits: 0

CVE
added 2 days ago, 9 views

CVE-2026-55248

PTSecurity PT-2026-55510/55511 reference CVE-2026-55248 as part of a Plone patch bundle described as “Classic portlet TALES injection to RCE” with auth and portlet management required, alongside CVE-2026-57149 and CVE-2026-55247 (CVSS 9.1/9.9). The connected documents thus provide a high-level im...

Exploits: 0

CVE
added 2 days ago, 8 views

CVE-2026-59185

PTSecurity reports CVE-2026-59185 as an IDOR vulnerability: an attacker could claim someone else’s GitHub App install by submitting the installation ID due to missing ownership checks. The issue affects GitHub App install ownership verification on the vulnerable endpoint, enabling potential unaut...

Exploits: 0

CVE
added 2 days ago, 8 views

CVE-2026-55247

Technical details for CVE-2026-55247 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

Exploits: 0

CVE
added 3 days ago, 13 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

CVSS 5.4, AI score 5.6, EPSS 0.00238
Exploits: 0, References: 3

CVE
added 3 days ago, 8 views

CVE-2026-4942

Technical details for CVE-2026-4942 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0, References: 1

CVE
added 3 days ago, 12 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

CVSS 6.9, AI score 5.8, EPSS 0.00359
Exploits: 0, References: 3

CVE
added 3 days ago, 15 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

CVSS 10, AI score 6, EPSS 0.00559
Exploits: 1, References: 3

CVE
added 3 days ago, 13 views

CVE-2026-13053

WatchGuard Fireware OS has an authenticated out-of-bounds write vulnerability in the CLI command handler (CVE-2026-13053). A privileged, authenticated attacker could trigger code execution via a crafted CLI input. Affected versions include Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–...

CVSS 8.6, AI score 6.1, EPSS 0.00399
Exploits: 0, References: 1

CVE
added 3 days ago, 17 views

CVE-2026-13050

Summary (CVE-2026-13050): An out-of-bounds write in WatchGuard Fireware OS is exposed via the networkd component. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted requests to the Management Web UI. Affected: Fireware OS versions 11.8 (through 11.1...

CVSS 8.6, AI score 6.1, EPSS 0.00439
Exploits: 0, References: 1

CVE
added 3 days ago, 14 views

CVE-2026-13054

CVE-2026-13054 describes a path traversal vulnerability in the WatchGuard Fireware OS Management Web UI that allows a privileged authenticated attacker to write arbitrary files on the Firebox filesystem. Affected: Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2. CVSS v4.0 vector i...

CVSS 8.6, AI score 5.9, EPSS 0.00389
Exploits: 0, References: 1

CVE
added 3 days ago, 15 views

CVE-2026-13079

CVE-2026-13079 describes a local privilege escalation in the WatchGuard Mobile VPN with SSL client for Windows. The issue allows a local attacker to escalate to NT AUTHORITY\SYSTEM on the machine hosting the Windows client. Affected scope includes the Windows client versions up to and including ...

CVSS 7.3, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 1

CVE
added 3 days ago, 15 views

CVE-2026-8247

WatchGuard Fireware OS contains an out-of-bounds write vulnerability (CVE-2026-8247) affecting Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2. An unauthenticated attacker on the same local network segment can potentially execute arbitrary code. The advisory lists the vulnerable c...

CVSS 7.7, AI score 6, EPSS 0.00201
Exploits: 0, References: 1

CVE
added 3 days ago, 15 views

CVE-2026-13728

WatchGuard Fireware OS on a FireCluster is affected by CVE-2026-13728. Affected versions include Fireware OS 12.1 through 12.12, and 2025.1 through 2026.2. In exceptional circumstances, an embedded encryption key is used to encrypt saved credentials for Access Portal resources, which constitutes th...

CVSS 5.9, AI score 5.7, EPSS 0.00162
Exploits: 0, References: 1

CVE
added 3 days ago, 12 views

CVE-2026-13084

CVE-2026-13084 is a null pointer dereference in WatchGuard Fireware OS iked process that enables remote unauthenticated DoS via specially crafted IKEv2 messages. Affected are Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2; impact is high (CVSS 8.7) with network attack...

CVSS 8.7, AI score 5.8, EPSS 0.00495
Exploits: 0, References: 1

CVE
added 3 days ago, 25 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition that leads to a use-after-free in LDAP authentication for Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this to execute arbitrary code in the iked process on Fireboxes configured to use an external LDAP authentication ...

CVSS 9.2, AI score 6.2, EPSS 0.00588
Exploits: 0, References: 1