Lucene search
K

171 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57764

CVE-2026-57764 : Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Surbma | Yoast SEO Breadcrumb Shortcode, affecting versions

6.5CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-57764 WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday22 views

WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting

WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...

6.1CVSS6.2AI score0.03611EPSS
Exploits2References5
Patchstack
Patchstack
added yesterday6 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38800

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.10 views

CVE-2026-50704

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:46 p.m.5 views

CVE-2026-50704

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 2:33 p.m.9 views

CVE-2026-50701

Frappe Framework 17.0.0-dev is affected by a Reflected DOM XSS in the dashboard-view component due to improper neutralization of user-controlled input. The CVE entry (CVE-2026-50701) shows a CVSS v4.0 base score of 5.1 (MEDIUM) with no listed exploit details in the provided documents. The vulnera...

5.1CVSS5.8AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:33 p.m.30 views

CVE-2026-50701 Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

5.1CVSS0.00268EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-25557

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.11 views

CVE-2026-25557

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 8:49 p.m.31 views

CVE-2026-25557 Evoluted PHP Directory Listing Script 4.0.5 Reflected XSS via dir parameter

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 8:49 p.m.7 views

CVE-2026-25557 Evoluted PHP Directory Listing Script 4.0.5 Reflected XSS via dir parameter

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 8:49 p.m.29 views

CVE-2026-25557

CVE-2026-25557 affects Evoluted PHP Directory Listing Script

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Evoluted PHP Directory Listing Script 跨站脚本漏洞

Evoluted PHP Directory Listing Script is a PHP-based directory indexing and file browsing script developed by the British company Evoluted. Versions of Evoluted PHP Directory Listing Script 4.0.5 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir...

5.4CVSS5.2AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 7:16 a.m.9 views

CVE-2026-8708

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS0.00128EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.16 views

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 5:31 a.m.21 views

CVE-2026-8708

CVE-2026-8708 affects the Genzel breadcrumbs WordPress plugin (versions up to 1.2). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the _options_page function, allowing unauthenticated attackers to modify plugin settings (templates, delimiter, home label/...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder