Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4430 matches found

Snyk
Snykadded 2026/03/06 9:3 p.m.2 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report:Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the met...

6.1CVSS5.5AI score0.00013EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/06 7:52 a.m.4 views

CVE-2026-2893

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS5.8AI score0.00038EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/06 12:31 a.m.0 views

EUVD-2026-9887

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS6AI score0.00045EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/03/06 12:0 a.m.2 views

Golang 1.25.x < 1.25.8 / 1.26.x < 1.26.1 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.25.8, or 1.26.x prior to 1.26.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted...

7.5CVSS5.8AI score0.00044EPSS
Exploits0References7
CNNVD
CNNVDadded 2026/03/06 12:0 a.m.2 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from URLs that are inserted into the content attribute of HTML meta tags without being...

6.1CVSS7.1AI score0.00013EPSS
Exploits0References4
NVD
NVDadded 2026/03/05 10:16 p.m.3 views

CVE-2026-2593

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS0.00045EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/05 9:24 p.m.2 views

CVE-2026-2593 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00045EPSS
Exploits0References4
CVE
CVEadded 2026/03/05 9:24 p.m.9 views

CVE-2026-2593

CVE-2026-2593 affects Greenshift – animation and page builder blocks plugin for WordPress. The vulnerability is a stored cross-site scripting (XSS) flaw via the _gspb_post_css post meta value and the dynamicAttributes block attribute, exploitable in all versions up to and including 12.8.5. It req...

6.4CVSS6AI score0.00045EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/05 9:30 a.m.5 views

EUVD-2026-9811

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS6AI score0.00038EPSS
Exploits0References5
NVD
NVDadded 2026/03/05 8:15 a.m.6 views

CVE-2026-2893

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS0.00038EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/05 7:30 a.m.30 views

CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS0.00038EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/05 7:30 a.m.3 views

CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS6AI score0.00038EPSS
Exploits0References4
CVE
CVEadded 2026/03/05 7:30 a.m.13 views

CVE-2026-2893

CVE-2026-2893 : The Page and Post Clone plugin for WordPress is vulnerable to a SQL Injection via the meta_key parameter in the content_clone() function in all versions up to and including 6.3. The issue stems from insufficient escaping of the user-supplied meta_key value and inadequate preparati...

6.5CVSS6AI score0.00038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/05 7:30 a.m.4 views

CVE-2026-2893

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...

6.5CVSS6AI score0.00038EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/03/05 12:0 a.m.4 views

WordPress plugin Page and Post Clone SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00038EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.5 views

PT-2026-23415

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta key' parameter in the content clone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta key value and insufficient preparation on the existing S...

6.5CVSS6AI score0.00038EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/03/05 12:0 a.m.0 views

PT-2026-23519

Name of the Vulnerable Software and Affected Versions Greenshift – animation and page builder blocks plugin for WordPress versions through 12.8.5 Description The Greenshift plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and...

6.4CVSS5.8AI score0.00045EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/03/02 10:23 p.m.3 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00043EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/02 10:23 p.m.21 views

CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00043EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/02 10:23 p.m.4 views

CVE-2026-2583

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS6AI score0.00043EPSS
Exploits0References3
Rows per page
Query Builder