Lucene search
K

51043 matches found

Nuclei
Nuclei
added 9 hours ago27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago18 views

Newspaper Theme 6.4–6.7.1 - Privilege Escalation

Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through tdajaxupdatepanel, which led to a Privilege Escalation vulnerability. id: CVE-2016-10972 info: name: Newspaper Theme 6.4–6.7.1 - Privilege Escalation author: pussycat0x severity: critical description:...

9.8CVSS7.1AI score0.09268EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago44 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.03432EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago47 views

WordPress Tidio Gallery <=1.1 - Cross-Site Scripting

WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.04486EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago41 views

ScoreMe Theme - Cross-Site Scripting

WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

5.4CVSS6.4AI score0.02796EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago29 views

WordPress Photoxhibit 2.1.8 - Cross-Site Scripting

WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...

6.1CVSS6.6AI score0.03558EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago45 views

Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. id: CVE-2016-10973 info: name: Brafton WordPress Plugin 3.4.8 - Cross-Site Scripting author: Harsh severity: medium description: | The Brafton plugin...

7.4CVSS6.4AI score0.01975EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago31 views

WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting

WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.04426EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago19 views

WordPress zm-gallery plugin 1.0 SQL Injection

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...

7.2CVSS7AI score0.05596EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago26 views

WordPress S3 Video <=0.983 - Cross-Site Scripting

WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.6AI score0.03209EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago53 views

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago37 views

WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting

WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.03977EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago28 views

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago33 views

Safe Editor Plugin < 1.2 - CSS/JS-injection

The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS. id: CVE-2016-10976 info: name: Safe Editor Plugin 1.2 - CSS/JS-injection author: Splint3r7 severity: medium description: | The safe-editor plugin before 1.2 for WordPress has no sesave authentication...

6.1CVSS6.4AI score0.01506EPSS
Exploits2References3
Microsoft Security Update
Microsoft Security Update
added yesterday6 views

2026-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5099535)

2026-07 Cumulative Update for Windows Server 2016 for x64-based Systems KB5099535...

6.1AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added yesterday4 views

2026-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 (KB5101007)

2026-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 KB5101007...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added yesterday19 views

May 12, 2026—KB5087537 (OS Build 14393.9140)

None None...

9.8CVSS6.8AI score0.72253EPSS
Exploits32
Microsoft KB
Microsoft KB
added yesterday7 views

Description of the security update for Microsoft Exchange Server 2016 CU23: July 14, 2026 (KB5103215)

None None...

9.6CVSS6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added yesterday105 views

May 12, 2026-KB5087065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Microsoft KB
Microsoft KB
added yesterday17 views

Description of the security update for SharePoint Server 2016: June 9, 2026 (KB5002880)

None None...

9.8CVSS6.5AI score0.01982EPSS
Exploits0
Rows per page
Query Builder