Lucene search
K

128551 matches found

Nuclei
Nuclei
added yesterday192 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday19 views

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS7.5AI score0.06589EPSS
Exploits1References2
NVD
NVD
added 2 days ago8 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-13710 Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 2 days ago9 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: Consul-template is vulnerable to path redirection in writeToFile through symlink attack

Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...

4.7CVSS5.8AI score0.00105EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
NVD
NVD
added 4 days ago12 views

CVE-2026-57258

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS0.00112EPSS
Exploits0References1
OSV
OSV
added 4 days ago6 views

DEBIAN-CVE-2026-56002

Bulletin has no description...

8.5CVSS5.9AI score0.00529EPSS
Exploits0References1
OSV
OSV
added 4 days ago6 views

ECHO-2E89-77F4-18BD

Bulletin has no description...

7.1CVSS5.9AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 4 days ago6 views

MINI-2MHV-XWHX-5443

Bulletin has no description...

4.3CVSS5.9AI score0.00169EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

MINI-9P9H-J38P-CHGC

Bulletin has no description...

5.4CVSS5.9AI score0.00171EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

MINI-F253-3W9J-2H92

Bulletin has no description...

4.3CVSS5.9AI score0.0023EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

MINI-V9RC-C4VP-FFWC

Bulletin has no description...

4.3CVSS5.9AI score0.0023EPSS
Exploits0
OSV
OSV
added 4 days ago4 views

MINI-3XWH-W8F9-5C56

Bulletin has no description...

7.8CVSS5.9AI score0.0012EPSS
Exploits0
OSV
OSV
added 4 days ago7 views

MINI-P3X8-X5FW-HC4F

Bulletin has no description...

4.2CVSS5.9AI score0.00165EPSS
Exploits0
OSV
OSV
added 4 days ago7 views

MINI-7R49-24H8-RGPF

Bulletin has no description...

4.3CVSS5.9AI score0.0023EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

MINI-CJ95-7GRH-4M3J

Bulletin has no description...

6.5CVSS5.9AI score0.00229EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

MINI-MJF4-89F3-W2XF

Bulletin has no description...

4.3CVSS5.9AI score0.00201EPSS
Exploits0
Rows per page
Query Builder