Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

82 matches found

Nuclei
Nucleiadded 16 hours ago9 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7.2AI score0.01706EPSS
Exploits1References2
NVD
NVDadded 2026/05/27 2:16 a.m.11 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS0.00032EPSS
Exploits0References2
CVE
CVEadded 2026/05/13 2:22 p.m.7 views

CVE-2020-37225

Powie’s WHOIS Domain Check 0.9.31 has a persistent cross-site scripting (XSS) vulnerability in pwhois_settings.php, exploitable by authenticated attackers via unsanitized input in plugin settings (textarea/input fields). This can execute JavaScript in the admin context and may enable privilege es...

6.4CVSS5.9AI score0.00036EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/13 2:22 p.m.4 views

CVE-2020-37225 Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...

6.4CVSS5.9AI score0.00036EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/13 2:22 p.m.24 views

CVE-2020-37225 Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...

6.4CVSS0.00036EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/09 2:25 a.m.1 views

CVE-2026-3568

The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...

4.3CVSS6AI score0.00042EPSS
Exploits0References9
OSV
OSVadded 2026/04/01 9:54 p.m.4 views

GHSA-R4V5-RWR2-Q7R4 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering Administrative Context Execution - Stored Cross-Site Scripting Blind XSS via Unsafe Rendering of User-Controlled Logged Data Description The application renders user-controlled input unsafely within the logs interface. If an...

9.1CVSS6.2AI score0.00022EPSS
Exploits1References4
EUVD
EUVDadded 2026/03/21 6:30 a.m.2 views

EUVD-2026-14014

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...

7.2CVSS5.8AI score0.00113EPSS
Exploits0References4
NVD
NVDadded 2026/03/21 4:17 a.m.2 views

CVE-2026-2440

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...

7.2CVSS0.00113EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.3 views

PT-2026-26837

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...

7.2CVSS5.8AI score0.00113EPSS
Exploits0References4
CVE
CVEadded 2026/03/15 6:34 p.m.3 views

CVE-2015-20115

CVE-2015-20115 concerns RealtyScript 4.0.2 from Next Click Ventures. The connected documents confirm a stored cross-site scripting issue via the file upload parameter in admin/tools.php, caused by inadequate sanitization of uploaded files. Attackers could place JavaScript in uploads that would ex...

7.2CVSS5.9AI score0.00035EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/05 7:30 p.m.3 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.00006EPSS
Exploits0References1
NVD
NVDadded 2026/03/04 6:16 p.m.3 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS0.00006EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/04 5:22 p.m.2 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.00006EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/04 5:22 p.m.29 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS0.00006EPSS
Exploits0References1
CVE
CVEadded 2026/03/04 5:22 p.m.37 views

CVE-2026-20062

CVE-2026-20062 has concrete details in connected PT-2026-3647/3648 entries: it is a Rust vulnerability that affects versions

7.2CVSS6AI score0.00006EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/04 5:22 p.m.5 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.00006EPSS
Exploits0References2Affected Software1
Cisco
Ciscoadded 2026/03/04 4:0 p.m.7 views

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.00006EPSS
Exploits0References1
OSV
OSVadded 2026/02/20 5:25 p.m.1 views

CVE-2026-27504

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobilefront.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value into a hidden input value field, allowi...

5.1CVSS5.8AI score0.00049EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/28 12:29 p.m.25 views

CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

5.4CVSS0.00025EPSS
Exploits1References4
Rows per page
Query Builder