18172 matches found

Circl
added yesterday, 4 views

CVE-2026-13252

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-02 12:15:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mpnz363ygk2i |
| 2026-07-02 22:17:33+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp2qeyxaa2b... |

CVSS: 6.4, AI score: 5.8, EPSS: 0.00274
Exploits: 0, References: 2
Circl
added yesterday, 4 views

CVE-2026-20243

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-02 09:45:20+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 |
| 2026-07-02 13:50:32+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f |
| 2026-07-02 13:55:08+00:00 | seen | ... |

CVSS: 7.5, AI score: 5.7, EPSS: 0.00389
Exploits: 0, References: 3
Nuclei
added yesterday, 33 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.

id: CVE-2018-12054
info:
  name: Schools Alert Management Script - Arbitrary File Read
  author: wisnupramoedya
  severity: high
  description: Schools Alert...

CVSS: 7.5, AI score: 7.2, EPSS: 0.39391
Exploits: 4, References: 5
Nuclei
added yesterday, 38 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01092
Exploits: 2, References: 2
Nuclei
added yesterday, 43 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.

id: CVE-2019-10475
info:
  name: Jenkins build-metrics 1.3 - Cross-Site Scripting
  author: madrobot
  severity...

CVSS: 6.1, AI score: 6.4, EPSS: 0.57735
Exploits: 5, References: 5
Nuclei
added yesterday, 28 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

CVSS: 6.1, AI score: 6, EPSS: 0.01905
Exploits: 2, References: 5
Nuclei
added yesterday, 61 views

WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection

WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...

CVSS: 9.8, AI score: 7.4, EPSS: 0.09792
Exploits: 2, References: 5
Nuclei
added yesterday, 33 views

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting.

id: CVE-2022-25323
info:
  name: ZEROF Web Server 2.0 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
  impact: |
    Successful exploitation of this...

CVSS: 6.1, AI score: 5.9, EPSS: 0.03245
Exploits: 2, References: 5
Nuclei
added yesterday, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.

id: CVE-2020-20988
info:
  name: DomainMOD 4.13.0 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    DomainMOD 4.13.0 is vulnerable to...

CVSS: 5.4, AI score: 5.8, EPSS: 0.01331
Exploits: 1, References: 2
Securelist
added yesterday, 4 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

AI score: 6.5
Exploits: 0
Circl
added 2 days ago, 4 views

CVE-2026-8857

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 15:57:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mplv2ozox62e |
| 2026-07-02 02:52:01+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmzm7zulw2q |
| 2026-07-02 07:01:22+00:00 | seen | ... |

AI score: 5.8, EPSS: 0.00267
Exploits: 0, References: 3
Circl
added 2 days ago, 6 views

CVE-2026-46227

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 15:21:17+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mplsz4acbv2o |
| 2026-07-02 07:15:17+00:00 | seen | https://www.hkcert.org/security-bulletin/redhat-linux-kernel-multiple-vulnerabilities20260702... |

CVSS: 7.8, AI score: 5.8, EPSS: 0.00104
Exploits: 0, References: 2
Chainguard
added 2 days ago, 3 views

GHSA-54JR-PMX4-5PVR vulnerabilities

Vulnerabilities for packages: firefox-esr, firefox...

AI score: 5.8
Exploits: 0
Circl
added 2 days ago, 6 views

CVE-2026-12577

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 09:12:37+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6fvmdgh2o |
| 2026-07-01 09:36:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpl7pxbybt2d |
| 2026-07-01 15:26:19+00:00 | seen | ... |

CVSS: 8.7, AI score: 5.8, EPSS: 0.00253
Exploits: 0, References: 4
EUVD
added 2 days ago, 6 views

EUVD-2026-40922

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

CVSS: 9.8, AI score: 5.9, EPSS: 0.0038
Exploits: 0, References: 8
Cvelist
added 2 days ago, 32 views

CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

CVSS: 9.8, EPSS: 0.0038
Exploits: 0, References: 8
Circl
added 2 days ago, 3 views

CVE-2026-48276

| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 02:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mpkgmzkfc726 |
| 2026-07-01 09:45:03+00:00 | seen | https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse |
| 2026-07-01 12:00:35+00:00 | ... | |

CVSS: 10, AI score: 6, EPSS: 0.00917
Exploits: 0, References: 6
Circl
added 4 days ago, 7 views

CVE-2026-10648

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 23:58:14+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mphoxnxguj2q |
| 2026-06-30 01:55:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mphvjll4t22o... |

CVSS: 6.2, AI score: 5.8, EPSS: 0.00109
Exploits: 1, References: 2
Circl
added 4 days ago, 8 views

CVE-2026-57956

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 19:13:18+00:00 | seen | https://bsky.app/profile/qiancx.bsky.social/post/3mph725ba3a2w |
| 2026-06-29 19:13:18+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mph725cpjm2n |
| 2026-06-29 21:54:04+00:00 | seen | ... |

CVSS: 6.4, AI score: 5.8, EPSS: 0.00177
Exploits: 0, References: 3
NVD
added 4 days ago, 9 views

CVE-2026-57955

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

CVSS: 8.5, EPSS: 0.00235
Exploits: 0, References: 2