Lucene search
K

61812 matches found

NVD
NVD
added 10 hours ago4 views

CVE-2026-57682

Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...

7.1CVSS
Exploits0References1
NVD
NVD
added 10 hours ago3 views

CVE-2026-57353

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added 11 hours ago7 views

CVE-2026-57682 WordPress Simple Link Directory plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...

7.1CVSS
Exploits0References1
CVE
CVE
added 11 hours ago5 views

CVE-2026-57682

The CVE-2026-57682 entry affects the WordPress plugin “Simple Link Directory” version ≤ 15.0.5, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The connected records confirm the vulnerability type (XSS) and affected version, but do not provide concrete root-cause details, exploi...

7.1CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-41291

Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...

7.1CVSS5.8AI score
Exploits0References1
CVE
CVE
added 11 hours ago5 views

CVE-2026-57353

The CVE concerns WordPress Link Whisper Premium plugin &lt;= 2.9.0 with a Broken Access Control issue. The accompanying CVSS data (Patchstack, v3.1) indicates an external attack over network, with low privileges and no user interaction, potentially affecting integrity (I: High) while confidential...

6.5CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 11 hours ago7 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added 12 hours ago34 views

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. id: CVE-2024-3274 info: name: D-LINK...

5.3CVSS5.5AI score0.33484EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago39 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.8AI score0.00972EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago79 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7.2AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago55 views

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

8.8CVSS7.4AI score0.09997EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago56 views

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

9.8CVSS7.2AI score0.67091EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago54 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.9AI score0.44101EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago41 views

D-Link DIR-615 - Unauthorized Access

D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations. id: CVE-2021-42627 info: name...

9.8CVSS7.3AI score0.67443EPSS
Exploits0References5
Nuclei
Nuclei
added 12 hours ago40 views

D-Link DIR-610 Devices - Information Disclosure

D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZEDGROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. id: CVE-2020-9376 info: name: D-Link DIR-610 Devices - Information Disclosure author:...

7.5CVSS7.1AI score0.16586EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago11 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7.2AI score0.00564EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago10 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.2AI score0.00561EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago26 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS7.2AI score0.72495EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago13 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS5.9AI score0.00623EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago28 views

D-Link DIR-859 - Information Disclosure

A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to /getcfg.php endpoint with the parameter SERVICES=DEVICE.ACCOUNT. This could allow attackers to obtain...

9.8CVSS7.1AI score0.32261EPSS
Exploits1References2
Rows per page
Query Builder