Lucene search
+L

3677 matches found

Cvelist
Cvelist
added 2026/02/09 11:41 a.m.27 views

CVE-2026-1960 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes

Stored Cross-Site Scripting XSS vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint...

5.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 11:41 a.m.18 views

CVE-2026-1960

A Stored Cross-Site Scripting (XSS) vulnerability affects Loggro Pymes, exploitable via the Facebook parameter in the /loggrodemo/jbrain/ConsultaTerceros endpoint. The CVE-2026-1960 description (Loggro Pymes) confirms the issue and shows a CVSS v4.0 base score of 5.1 (MEDIUM) with Network attack ...

5.1CVSS5.4AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

Loggro Pymes 跨站脚本漏洞

Loggro Pymes is a cloud-based business management software developed by the Spanish company Loggro. Loggro Pymes has a cross-site scripting vulnerability, which stems from incorrect handling of parameters in the file /loggrodemo/jbrain/ConsultaTerceros, specifically the parameter Facebook. This...

5.1CVSS5.6AI score0.00403EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/04 6:8 p.m.153 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - PoC & Stand 📌 Quick Start 1. Deploy...

10CVSS5.3AI score0.99562EPSS
Exploits376
GithubExploit
GithubExploit
added 2026/01/31 5:43 a.m.161 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55...

10CVSS5.9AI score0.99562EPSS
Exploits390
Malwarebytes
Malwarebytes
added 2026/01/29 9:6 p.m.8 views

Meta confirms it’s working on premium subscription for its apps

Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/29 7:56 a.m.161 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-PoC-http-exec PoC terkait CVE-2025-55182 untu...

10CVSS6AI score0.99562EPSS
Exploits376
RedhatCVE
RedhatCVE
added 2026/01/18 5:26 a.m.6 views

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS5.3AI score0.00535EPSS
Exploits0References1
NVD
NVD
added 2026/01/17 5:16 a.m.9 views

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS0.00535EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/17 4:34 a.m.4 views

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS5.4AI score0.00535EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/17 4:34 a.m.29 views

CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS0.00535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/17 4:34 a.m.5 views

CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS5.5AI score0.00535EPSS
Exploits0References2
CVE
CVE
added 2026/01/17 4:34 a.m.26 views

CVE-2025-12825

CVE-2025-12825 affects the WordPress plugin User Registration Using Contact Form 7. The issue is a missing capability check in get_cf7_form_data across all versions up to and including 2.5, enabling unauthorized data access (including Facebook app secrets) by unauthenticated users. Connected sour...

5.3CVSS5AI score0.00535EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/17 4:34 a.m.7 views

EUVD-2026-3149

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

5.3CVSS4.9AI score0.00535EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.16 views

PT-2026-3347

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get cf7 form data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form...

5.3CVSS5.3AI score0.00535EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/15 7:24 p.m.8 views

CVE-2025-14557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

4.8CVSS6AI score0.00188EPSS
Exploits1References1
NVD
NVD
added 2026/01/14 7:16 p.m.9 views

CVE-2025-14557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

4.8CVSS0.00188EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/14 6:40 p.m.29 views

CVE-2025-14557 XSS in Drupal 7 Facebook Pixel Module

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

4.8CVSS0.00188EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 6:40 p.m.6 views

CVE-2025-14557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

4.8CVSS5.5AI score0.00188EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/14 6:40 p.m.15 views

CVE-2025-14557

CVE-2025-14557 affects Drupal Facebook Pixel module (facebook_pixel) with stored XSS due to improper input neutralization during page generation. Affected versions are 7.X-1.0 through 7.X-1.1. The vulnerability can allow malicious script injection via input fields rendered on generated pages, as ...

4.8CVSS5.6AI score0.00188EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder