Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

92 matches found

CVE
CVEadded 2026/02/06 11:21 a.m.21 views

CVE-2026-1293

CVE-2026-1293 affects the WordPress Yoast SEO plugin (versions prior to 26.9, i.e., up to 26.8) with a Stored Cross‑Site Scripting vulnerability in the yoast-schema block attribute. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with Contri...

6.4CVSS5.6AI score0.00045EPSS
Exploits0References4
EUVD
EUVDadded 2026/01/07 6:35 a.m.2 views

EUVD-2026-1293

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

5.3CVSS5.4AI score0.00034EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-4584

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.00067EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/22 4:15 p.m.4 views

CVE-2020-1293

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278...

7.8CVSS6.6AI score0.00378EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2025/02/22 1:23 a.m.6 views

CVE-2025-1293

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS7AI score0.00067EPSS
Exploits0References1
OSV
OSVadded 2025/02/20 3:32 a.m.5 views

GHSA-VXM9-8MFW-VC6G Hermes improperly validates a JWT

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS7AI score0.00067EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2025/02/20 3:32 a.m.33 views

Hermes improperly validates a JWT

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS8.3AI score0.00067EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2025/02/20 1:15 a.m.6 views

CVE-2025-1293

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS0.00067EPSS
Exploits0References1
CVE
CVEadded 2025/02/20 12:28 a.m.97 views

CVE-2025-1293

Hermes versions up to 0.4.0 improperly validated JWTs when using AWS ALB authentication, potentially allowing authentication bypass. Root cause: JWT validation flaw in the AWS ALB auth flow. Impact per CVE: authentication bypass with high severity (CVSSv3.1 base score 8.2). Affected versions: up ...

8.2CVSS8.3AI score0.00067EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2025/02/20 12:28 a.m.17 views

CVE-2025-1293 HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS0.00067EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/02/20 12:28 a.m.9 views

CVE-2025-1293 HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

8.2CVSS8.3AI score0.00067EPSS
Exploits0References1
NVD
NVDadded 2024/03/13 4:15 p.m.7 views

CVE-2024-1293

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00242EPSS
Exploits0References2
CVE
CVEadded 2024/03/13 3:26 p.m.54 views

CVE-2024-1293

CVE-2024-1293 covers a stored Cross-Site Scripting vulnerability in the Brizy – Page Builder WordPress plugin. The issue arises in the embedded media custom block, affecting all versions up to and including 2.4.40, due to insufficient input sanitization and output escaping. Exploitation requires ...

6.4CVSS6.1AI score0.00242EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2023/11/07 12:0 a.m.16 views

Rocky Linux 8 : nodejs:12 (RLSA-2020:1293)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1293 advisory. - An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...

8.8CVSS7.8AI score0.0079EPSS
Exploits0References3
Circl
Circladded 2023/03/09 6:20 p.m.2 views

CVE-2023-1293

creationtimestamp| type| source ---|---|--- 2023-03-09 18:20:33+00:00| seen| https://t.me/cibsecurity/59730...

8.1CVSS6AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/03/09 2:30 p.m.12 views

CVE-2023-1293 SourceCodester Online Graduate Tracer System admin_cs.php mysqli_query sql injection

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqliquery of the file admincs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high...

5CVSS8.6AI score0.00283EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2023/02/15 5:21 a.m.1 views

SUSE CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

7.5CVSS9.1AI score0.00497EPSS
Exploits1References3
Circl
Circladded 2022/08/02 8:18 p.m.0 views

CVE-2022-1293

creationtimestamp| type| source ---|---|--- 2022-08-02 20:18:20+00:00| seen| https://t.me/cibsecurity/47423...

6.1CVSS6.1AI score0.00282EPSS
Exploits0References1
OSV
OSVadded 2022/08/02 4:15 p.m.0 views

CVE-2022-1293

The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions...

6.1CVSS5.8AI score
Exploits0References1
CVE
CVEadded 2022/08/02 3:24 p.m.52 views

CVE-2022-1293

CVE-2022-1293 is an XSS vulnerability in Citadel client versions 7.1.1 and earlier. It stems from bypassing the embedded neutralization of a Script-Related HTML Tag and can be bypassed under additional conditions. No exploit details are provided in the connected documents.

6.1CVSS5.9AI score0.00282EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder