Lucene search
K

32 matches found

NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-39442

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37684

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.17 views

CVE-2026-39442 WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.4 views

CVE-2025-49912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...

5.9CVSS6AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.3 views

EUVD-2025-35543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...

5.5AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.4 views

CVE-2025-49912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nks Email Subscription Popup email-subscribe allows Stored XSS.This issue affects Email Subscription Popup: from n/a through = 1.2.26...

5.9CVSS0.00262EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/22 5:8 a.m.3 views

WordPress Email Subscription Popup plugin <= 1.2.26 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Kim YunJi in WordPress Plugin Email Subscription Popup versions = 1.2.26...

5.9CVSS6.1AI score0.00262EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.7 views

WordPress plugin Nks Email Subscription Popup Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5.7AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.4 views

PT-2025-43179

Name of the Vulnerable Software and Affected Versions Nks Email Subscription Popup versions through 1.2.26 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scrip...

5.9CVSS5.9AI score0.00262EPSS
Exploits0References4
OSV
OSV
added 2025/05/12 11:15 p.m.2 views

DEBIAN-CVE-2025-46825

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...

5.4CVSS5.4AI score0.00285EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/03/17 4:26 p.m.328 views

Exploit for Improper Input Validation in Cacti

CVE-2024-25641 Exploit for Cacti 1.2.26 Exploiting CVE-2024-2...

9.1CVSS9.6AI score0.86303EPSS
Exploits17
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.3 views

WordPress plugin Flexible Wishlist for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS8.7AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.5 views

PT-2025-6601 · WordPress · The Flexible Wishlist For Woocommerce

Name of the Vulnerable Software and Affected Versions: Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress versions up to, and including, 1.2.26 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

4.3CVSS9.3AI score0.00154EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-38372 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.26 Description: The issue allows an unauthenticated attacker to inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character, such as xa0. This can be exploite...

6.5CVSS5.5AI score0.00418EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2024/08/27 1:19 a.m.670 views

Exploit for Improper Input Validation in Cacti

CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...

9.1CVSS9.6AI score0.86303EPSS
Exploits17
GithubExploit
GithubExploit
added 2024/08/26 1:34 p.m.564 views

Exploit for Improper Input Validation in Cacti

This repository is a PoC exploit for CVE-2024-25641, a vulnerabi...

9.1CVSS10AI score0.86303EPSS
Exploits17
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.1331 views

Cacti 1.2.26 Remote Code Execution

---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...

9.1CVSS9.4AI score0.86303EPSS
Exploits17
CNVD
CNVD
added 2023/12/25 12:0 a.m.25 views

Cacti cross-site scripting vulnerability (CNVD-2023-10109007)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . Cacti versions prior to 1.2.26 cross-site scripting vulnerability ,...

5.4CVSS7.1AI score0.01481EPSS
Exploits1References1
Prion
Prion
added 2023/12/22 12:15 a.m.26 views

Design/Logic Flaw

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. Bypassing an earlier fix CVE-2023-39360 that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the...

4.9CVSS6.5AI score0.01481EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/12/21 11:29 p.m.36 views

CVE-2023-49086 Cacti is vulnerable to cross-Site scripting (XSS) DOM

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

5.4CVSS5.4AI score0.01481EPSS
Exploits1References6
Rows per page
Query Builder