1661 matches found

Nuclei
added 6 hours ago, 39 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

CVSS 6.1, AI score 6.8, EPSS 0.00972
Exploits: 2, References: 3

Nuclei
added 6 hours ago, 10 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

CVSS 6.1, AI score 7.2, EPSS 0.00561
Exploits: 1, References: 1

Nuclei
added 6 hours ago, 8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

CVSS 6.1, AI score 7.2, EPSS 0.00561
Exploits: 1, References: 2

NVD
added 2 days ago, 8 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

CVSS 8.8, EPSS 0.00314
Exploits: 0, References: 1

Cvelist
added 2 days ago, 31 views

CVE-2026-48307 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

CVSS 8.8, EPSS 0.00314
Exploits: 0, References: 1

RedHat Linux
added 2 days ago, 4 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

CVSS 8.8, AI score 6.2, EPSS 0.0021
Exploits: 1, References: 5

EUVD
added 3 days ago, 7 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

CVSS 8.8, AI score 6.1, EPSS 0.00297
Exploits: 0, References: 3

Snyk
added 2026/06/22 11:16 p.m., 8 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL. Details: Cross-site scripting or XSS is...

CVSS 9.6, AI score 5.9, EPSS 0.00234
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Zabbix

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected from a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that allows the execution of malicious scripts...

CVSS 6.1, AI score 6.2, EPSS 0.00559
Exploits: 0, References: 2

Positive Technologies
added 2026/06/16 12:0 a.m., 16 views

PT-2026-50077

Adobe Acrobat PDF Extension Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in tha...

CVSS 8.2, AI score 5.3, EPSS 0.00719
Exploits: 0, References: 2

OSV
added 2026/06/12 12:25 p.m., 7 views

OESA-2026-2632 evolution-data-server security update

The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...

CVSS 5.6, AI score 5.5, EPSS 0.00189
Exploits: 0, References: 2

RedhatCVE
added 2026/06/11 2:59 a.m., 10 views

CVE-2026-46546

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

CVSS 2.1, AI score 5.3, EPSS 0.00234
Exploits: 0, References: 1

NVD
added 2026/06/10 1:16 a.m., 10 views

CVE-2026-46546

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

CVSS 2.1, EPSS 0.00234
Exploits: 0, References: 1

EUVD
added 2026/06/09 6:30 p.m., 10 views

EUVD-2026-35624

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

CVSS 4.3, AI score 5.5, EPSS 0.00254
Exploits: 0, References: 2

NVD
added 2026/06/09 5:17 p.m., 7 views

CVE-2026-47991

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

CVSS 6.1, EPSS 0.00254
Exploits: 0, References: 1

Vulnrichment
added 2026/06/09 4:48 p.m., 16 views

CVE-2026-47991 Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

CVSS 4.3, AI score 5.5, EPSS 0.00254
Exploits: 0, References: 1

CVE
added 2026/06/09 4:48 p.m., 20 views

CVE-2026-47991

Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Open Redirect vulnerability (CWE-601). An attacker can induce a user to click a malicious URL that redirects to a site under the attacker’s control, potentially enabling account takeover. Exploitation requires ...

CVSS 6.1, AI score 5.5, EPSS 0.00254
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-47528

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

CVSS 4.2, AI score 5.6, EPSS 0.00174
Exploits: 0, References: 3

Positive Technologies
added 2026/06/09 12:0 a.m., 12 views

PT-2026-48081

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

CVSS 4.3, AI score 5.5, EPSS 0.00254
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:44 p.m., 8 views

CVE-2026-44925

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

CVSS 8.8, AI score 5.5, EPSS 0.00198
Exploits: 0, References: 1