Lucene search
K

156 matches found

Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.9 views

PT-2026-29062

Name of the Vulnerable Software and Affected Versions Smoothwall Express versions prior to 3.1 Update 13 Description Smoothwall Express is affected by a reflected cross-site scripting issue. The /redirect.cgi endpoint does not properly sanitize the url parameter, allowing attackers to inject...

5.4CVSS6AI score0.00155EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2025-12518

beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/executed when visiting preview page. However due to beefree's Content Security Policy not all...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:46 p.m.3 views

CVE-2026-33716

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/03/23 8:53 a.m.7 views

WordPress WowOptin: Next-Gen Popup Maker plugin <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability

Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WowOptin versions = 1.4.29...

7.2CVSS5.8AI score0.00299EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/21 1:24 a.m.28 views

CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permissioncallback of returntrue that...

7.2CVSS0.00299EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/18 11:3 a.m.5 views

CVE-2025-12518 Stored XSS in beefree.io

beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/executed when visiting preview page. However due to beefree's Content Security Policy not all...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 3:23 a.m.4 views

CVE-2026-3034 OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/10 3:1 a.m.32 views

CVE-2026-0505 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

6.1CVSS0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/06 8:25 a.m.6 views

EUVD-2026-5652

The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5.6AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.10 views

PT-2026-2994

Name of the Vulnerable Software and Affected Versions Web Application affected versions not specified Description A flaw exists in a web application where improper handling of a URL parameter could allow attackers to execute code in a user's browser following login. Successful exploitation may...

6.1CVSS6.7AI score0.00347EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.4 views

CVE-2025-13885

The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 3:20 a.m.5 views

EUVD-2025-202970

The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00181EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2025-202934

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication...

5.3CVSS6.4AI score0.00283EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50828

The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00181EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin Simple CSV Table 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path traversal...

6.5CVSS6.4AI score0.00613EPSS
Exploits0References3
NVD
NVD
added 2025/12/11 10:15 p.m.5 views

CVE-2025-34504

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication...

6.1CVSS0.00283EPSS
Exploits1References4
OSV
OSV
added 2025/12/11 9:43 p.m.2 views

CVE-2025-34504 KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication...

5.3CVSS6AI score0.00283EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/11 9:43 p.m.2 views

CVE-2025-34504 KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication...

5.3CVSS6.5AI score0.00283EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/11 9:43 p.m.22 views

CVE-2025-34504 KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication...

5.3CVSS0.00283EPSS
Exploits1References4
CVE
CVE
added 2025/12/11 9:43 p.m.10 views

CVE-2025-34504

CVE-2025-34504 affects KodExplorer 4.52. The vulnerability is an open redirect on the user login page where the attacker-controlled link parameter can redirect authenticated users to arbitrary external sites. Root cause: improper validation of the login URL’s link parameter. Impact: potential cre...

6.1CVSS6.5AI score0.00283EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder