Busca de CVEs
361.791 resultadosCVE-2025-68064HIGHWordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerabilityEPSS 0.3%CVE-2025-68063HIGHWordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerabilityEPSS 0.3%CVE-2025-68052HIGHWordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-66123MEDIUMWordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.2%CVE-2025-64637MEDIUMWordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerabilityEPSS 0.2%CVE-2025-64636MEDIUMWordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63079MEDIUMWordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63078MEDIUMWordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63041MEDIUMWordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-45257HIGHArbitrary file overwrite via the KTLS receive pathEPSS 0.2%CVE-2026-4339MEDIUMSSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP serverEPSS 0.1%CVE-2026-9699MEDIUMMattermost Agents plugin logs unsanitized OpenAI API keys on authentication errorsEPSS 0.3%CVE-2026-57527HIGHZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()EPSS 0.5%CVE-2026-45256MEDIUMMissing permission check in thr_kill2(2)EPSS 0.1%CVE-2026-3472LOWMarkdown image rendering bypass in AI bot tool result posts in MattermostEPSS 0.2%CVE-2026-56773HIGHTeable - Missing Authorization in v2 REST APIEPSS 0.4%CVE-2026-13426MEDIUMClient4 fails to validate path parametersEPSS 0.2%CVE-2026-57940LOWHTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in sysEPSS 0.2%CVE-2026-53914MEDIUMIn JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadataEPSS 0.2%CVE-2026-57926LOWIn JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attackEPSS 0.2%