Lucene search
K

1706 matches found

Nuclei
Nuclei
added yesterday48 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.1AI score0.1755EPSS
Exploits1References3
NVD
NVD
added 4 days ago8 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42863

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 4 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-13247 Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
Patchstack
Patchstack
added 5 days ago4 views

WordPress Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase plugin <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Logo Slider versions = 5.5...

6.4CVSS6.1AI score0.00193EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2819 gnome-tour security update

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...

5.1CVSS5.9AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2817 gnome-tour security update

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...

5.1CVSS5.9AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 1:17 p.m.7 views

CVE-2026-53907

MCO is vulnerable to Stored Cross‑Site Scripting XSS via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor...

5.4CVSS0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:58 a.m.8 views

EUVD-2026-40953

MCO is vulnerable to Stored Cross‑Site Scripting XSS via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor...

7.1CVSS5.8AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.22 views

CVE-2026-53907

MCO is vulnerable to a Stored Cross‑Site Scripting (XSS) flaw in the application logo upload feature. A user who can change the logo can upload a crafted SVG containing JavaScript that executes when the logo renders, enabling code execution in the origin context. The vulnerability is confirmed fo...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54833

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The software is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the target server. This occurs through the application logo upload functionality, allowing an...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 9:43 p.m.23 views

CVE-2026-47277

Runtipi pre-4.10.0 is affected by an unauthenticated arbitrary file read through app-store logo symlinks. In versions 4.9.1–4.9.3, the public endpoint serves marketplace logos from files inside cloned app-store repositories; a logo symlink (e.g., metadata/logo.jpg) can cause the target file to be...

6.5CVSS5.3AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50119

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS5.4AI score0.00399EPSS
Exploits0References3
NVD
NVD
added 2026/06/13 7:16 a.m.17 views

CVE-2026-9061

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

3.5CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 6:0 a.m.12 views

EUVD-2026-36643

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/13 6:0 a.m.32 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/13 6:0 a.m.22 views

CVE-2026-9061

CVE-2026-9061 affects the Store Locator WordPress plugin prior to 1.6.9. The description in the provided documents states that store logo metadata is not sanitized/escaped before storage and output on the admin page, allowing high-privilege users (e.g., administrators) to perform a Stored XSS att...

3.5CVSS5.3AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder