Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

EUVD
EUVDadded 2025/11/19 6:31 a.m.4 views

EUVD-2025-198126

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS5.3AI score0.0026EPSS
Exploits0References7
Snyk
Snykadded 2025/01/10 9:31 p.m.1 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS by an admin user who injects a malicious script into the "List name" field of a new campaign at the /admin/modules/newsletter/lists endpoint. The...

4.8CVSS5.3AI score0.0109EPSS
Exploits4References2
OSV
OSVadded 2022/05/26 2:15 p.m.2 views

CVE-2022-29676

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...

7.2CVSS7.1AI score0.00896EPSS
Exploits1References1
Rows per page
Query Builder