22766 matches found

CVE
added 15 hours ago, 13 views

CVE-2026-8804

The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...

6.7 CVSS, 5.9 AI score
Exploits: 0, References: 1

Nuclei
added 20 hours ago, 106 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1 CVSS, 6.8 AI score, 0.0302 EPSS
Exploits: 1, References: 3

Nuclei
added 20 hours ago, 33 views

WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping...

6.1 CVSS, 6.2 AI score, 0.01996 EPSS
Exploits: 2, References: 3

Nuclei
added 20 hours ago, 78 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8 CVSS, 7.2 AI score, 0.16687 EPSS
Exploits: 1, References: 5

Nuclei
added 20 hours ago, 60 views

Apache mod_userdir CRLF injection

Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. id: CVE-2016-4975 info: name: Apache mod_userdir CRLF injection author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using...

6.1 CVSS, 6.6 AI score, 0.19798 EPSS
Exploits: 0, References: 5

Nuclei
added 20 hours ago, 11 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

8.8 CVSS, 6 AI score, 0.01939 EPSS
Exploits: 0, References: 2

Nuclei
added 20 hours ago, 21 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...

8.3 CVSS, 7 AI score, 0.54872 EPSS
Exploits: 5, References: 3

Nuclei
added 20 hours ago, 17 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1 CVSS, 6 AI score, 0.01367 EPSS
Exploits: 1, References: 4

Nuclei
added 20 hours ago, 6 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5 CVSS, 7.1 AI score, 0.02169 EPSS
Exploits: 0, References: 3

Nuclei
added 20 hours ago, 17 views

LiteSpeed Cache <= 6.5.0.2 - Stored XSS

LiteSpeed Technologies LiteSpeed Cache versions up to 6.5.0.2 contain a stored cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in victim browsers, exploit requires storing malicious input. id: CVE-2024-47374 info...

7.1 CVSS, 6 AI score, 0.0141 EPSS
Exploits: 0, References: 2

EUVD
added yesterday, 7 views

EUVD-2026-37817

Steeltoe's static JWKS cache shared across schemes and never invalidated...

5.9 CVSS, 5.8 AI score, 0.0029 EPSS
Exploits: 0, References: 4

EUVD
added yesterday, 6 views

EUVD-2026-41427

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured (the default), and serves the document wi...

8.2 CVSS, 5.8 AI score
Exploits: 0, References: 4

NVD
added yesterday, 4 views

CVE-2026-57623

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions...

9 CVSS
Exploits: 0, References: 1

Cvelist
added yesterday, 31 views

CVE-2026-57623 WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions...

9 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 11 views

CVE-2026-57623

CVE-2026-57623 affects the WordPress W3 Total Cache plugin (versions

9 CVSS, 5.9 AI score
Exploits: 0, References: 1

Nuclei
added yesterday, 162 views

WP Fastest Cache 1.2.2 - SQL Injection

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...

7.5 CVSS, 7.2 AI score, 0.73708 EPSS
Exploits: 11, References: 5

Nuclei
added yesterday, 65 views

LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

9.8 CVSS, 7.4 AI score, 0.83178 EPSS
Exploits: 7, References: 5

RedHat Linux
added yesterday, 5 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10 CVSS, 5.9 AI score, 0.00285 EPSS
Exploits: 0, References: 7

RedHat Linux
added yesterday, 3 views

next.js: Next.js: Denial of Service via crafted POST requests to server actions

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5 CVSS, 6 AI score, 0.00509 EPSS
Exploits: 1, References: 5

RedHat Linux
added yesterday, 3 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9 CVSS, 6.6 AI score, 0.00343 EPSS
Exploits: 1, References: 5