Lucene search
+L

15676 matches found

Nuclei
Nuclei
added 9 hours ago1019 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6AI score0.03747EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago118 views

WordPress Site Editor <=1.1.1 - Local File Inclusion

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...

7.5CVSS7.7AI score0.63102EPSS
Exploits7References5
Nuclei
Nuclei
added 9 hours ago39 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.3AI score0.03223EPSS
Exploits2References5
CVE
CVE
added 10 hours ago7 views

CVE-2026-15457

Vulnerability summary (CVE-2026-15457) : The Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is vulnerable to a Directory Traversal in all versions up to and including 6.0.13 via the 'family' parameter . Authenticated attackers with editor-level access or higher can d...

4.9CVSS6.2AI score
Exploits0References10
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-45131

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...

4.9CVSS6.2AI score
Exploits0References10
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-45083

Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...

6.5CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-59865

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota info read x-ms-kiota-info.languagesInformation..dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presented the spec-supplied command as Kiota's recommended install command,...

9.3CVSS
Exploits0References4
Nuclei
Nuclei
added yesterday26 views

Joomla! JCE extension < 2.9.99.5 unauthenticated RCE

Joomla JCE editor extension contains an unrestricted file upload vulnerability caused by allowing unauthenticated users to create new editor profiles, letting attackers upload and execute PHP code remotely, exploit requires no authentication. id: CVE-2026-48907 info: name: Joomla! JCE extension...

10CVSS7.2AI score0.80425EPSS
Exploits19References4
EUVD
EUVD
added yesterday5 views

EUVD-2025-210478

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion LFI in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-59258 immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS0.00315EPSS
Exploits0References5
NVD
NVD
added 3 days ago22 views

CVE-2026-58534

Heap-based buffer overflow in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges locally...

8.8CVSS0.00325EPSS
Exploits0References1
CVE
CVE
added 3 days ago5 views

CVE-2026-58534

CVE-2026-58534 is a Windows IME heap-based buffer overflow vulnerability that enables local privilege escalation for an authenticated attacker. The affected component is the Microsoft Input Method Editor (IME) in Windows. The root cause, per the available sources, is a heap-based buffer overflow ...

8.8CVSS6.1AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

...

8.8CVSS0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability

...

8.4CVSS6.1AI score0.00626EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 3 days ago9 views

Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Input Method Editor IME allows an authorized attacker to elevate privileges locally...

8.8CVSS6.2AI score0.00325EPSS
Exploits0
Rockylinux
Rockylinux
added 3 days ago6 views

gegl04 security update

An update is available for gegl04. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GEGL Generic Graphics Library is a graph-based image processing framework...

7.8CVSS7.3AI score0.00552EPSS
Exploits0
Nuclei
Nuclei
added 3 days ago32 views

LG Simple Editor <= v3.21.0 - Command Injection

LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

9.8CVSS7.5AI score0.87761EPSS
Exploits4References5
NVD
NVD
added 3 days ago8 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-12511 AI Engine < 3.5.5 - Editor+ Arbitrary File Write via Path Traversal

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

0.00304EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43626

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score0.00304EPSS
Exploits0References1
Rows per page
Query Builder