
21 matches found

Positive Technologies
added 2026/06/11 12:0 a.m. · 12 views

PT-2026-48750

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVSS 8.1 · AI score 5.2 · EPSS 0.00322
Exploits 0 · References 3
RedhatCVE
added 2026/06/05 7:46 p.m. · 8 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 2.3 · AI score 5.6 · EPSS 0.00185
Exploits 0 · References 1
RedhatCVE
added 2026/06/05 7:42 p.m. · 12 views

CVE-2025-11762

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.4 · EPSS 0.00193
Exploits 0 · References 1
NVD
added 2026/05/29 4:16 p.m. · 13 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 2.3 · EPSS 0.00185
Exploits 0 · References 2
ATTACKERKB
added 2026/05/29 3:12 p.m. · 9 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 4.8 · AI score 5.9 · EPSS 0.00185
Exploits 0 · References 3
EUVD
added 2026/05/29 3:12 p.m. · 14 views

EUVD-2026-33339

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 4.8 · AI score 5.9 · EPSS 0.00185
Exploits 0 · References 2
Cvelist
added 2026/05/29 3:12 p.m. · 37 views

CVE-2026-33386 XSS in QuickCMS

QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 2.3 · EPSS 0.00185
Exploits 0 · References 2
CNNVD
added 2026/05/29 12:0 a.m. · 8 views

QuickCMS Cross-Site Scripting Vulnerability

QuickCMS is an open-source content management system developed by QuickCMS. QuickCMS has a cross-site scripting vulnerability. This vulnerability stems from an insecure HTTP-based plugin acquisition mechanism that makes it vulnerable to cross-site scripting attacks. Malicious attackers can...

CVSS 4.8 · AI score 5.7 · EPSS 0.00185
Exploits 0 · References 2
Vulnrichment
added 2026/04/24 7:45 a.m. · 6 views

CVE-2025-11762 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.2 · EPSS 0.00193
Exploits 0 · References 3
Cvelist
added 2026/03/23 9:22 p.m. · 22 views

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVSS 8.7 · EPSS 0.00327
Exploits 0 · References 4
OSV
added 2026/03/23 9:22 p.m. · 3 views

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVSS 8.7 · AI score 5.8 · EPSS 0.00327
Exploits 0 · References 6
OSV
added 2026/03/23 8:35 p.m. · 4 views

GHSA-CMFH-MPMF-FMQ4 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Security Advisory — Cabinet Plugin DOM-based XSS. Summary: A DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description: In the Cabinet Plugin list view, DOM-based...

CVSS 8.7 · AI score 5.9 · EPSS 0.00327
Exploits 0 · References 6
CNNVD
added 2024/03/30 12:0 a.m. · 6 views

WordPress Plugin List category posts Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 6.4 · AI score 7.4 · EPSS 0.0045
Exploits 0 · References 4
CNNVD
added 2024/01/11 12:0 a.m. · 5 views

WordPress Plugin List category posts Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5 · AI score 5.8 · EPSS 0.0044
Exploits 0 · References 5
Positive Technologies
added 2023/07/28 12:0 a.m. · 5 views

PT-2023-27101 · WordPress · Inisev

Name of the Vulnerable Software and Affected Versions: Inisev WordPress plugins (affected versions not specified). Description: The issue allows unauthenticated attackers to install plugins from a limited list via a forged request, granted they can trick a site administrator into performing an actio...

CVSS 4.3 · AI score 9.4 · EPSS 0.00512
Exploits 1 · References 29
CNNVD
added 2023/07/05 12:0 a.m. · 6 views

Uptime Kuma Path Traversal Vulnerability

Uptime Kuma is an easy-to-use, self-hosted monitoring tool from Louis Lam Personal Developer. A path traversal vulnerability exists in Uptime Kuma versions prior to 1.22.1, which stems from allowing authenticated users to install plugins from the official plugin list, which is susceptible to path...

CVSS 8.1 · AI score 7.6 · EPSS 0.00975
Exploits 1 · References 6
vulnersOsv
added 2022/05/17 1:26 a.m. · 5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +923 more potentially affected by CVE-2014-2059 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.532.1.JENKINS-19453)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.1, =2.0.6 - com.cisco.step.jenkins.plugins:jenkow-parent =0.1 and more Source cves: CVE-2014-2059 Source advisory: OSV:GHSA-V759-3FH9-84MX...

CVSS 6.5 · AI score 5.8 · EPSS 0.02527
Exploits 0
vulnersOsv
added 2022/05/04 12:29 a.m. · 4 views

com.base2services.jenkins:github-sqs-plugin (>=1.0 <=1.5), com.buildcoin.plugins.jenkins:buildcoin-plugin (>=1.0 <=1.4) +162 more potentially affected by CVE-2012-0325 via org.jenkins-ci.main:jenkins-core (>=1.425 <=1.453)

org.jenkins-ci.main:jenkins-core MAVEN version =1.425, =1.0, =1.0, =1.1, =1.02.03, =2.0.1, =1.0.0, =0.3.2, =1.7, =1.1, =1.0, =1.3 and more Source cves: CVE-2012-0325 Source advisory: OSV:GHSA-CC55-C9J4-M7CX...

CVSS 4.3 · AI score 5.8 · EPSS 0.01137
Exploits 0
Gitee
added 2020/11/25 11:4 p.m. · 30 views

Exploit for Code Injection in Microsoft

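somepocsuite: pocsuite3 verification PoC code used for internal enterprise vulnerability triage and verification (pocsuite3 is the open-source vulnerability testing framework from the Knownsec security team). Because the original Pocsuite is no longer updated, all of the original PoC code has been rewritten and migrated to pocsuite3; the original PoCs are backed up in PocsuiteV2. Plugin code writing: use the pocsuite3 vulnerability testing framework; for plugin writing, refer to the pocsuite3 project's plugin writing requirements. PoC writing standards and requirements | No. | poc | Description | | ---- | --------------------------------------- |...

CVSS 10 · AI score 8 · EPSS 0.99999
Exploits 497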
0day.today
added 2014/08/30 12:0 a.m. · 70 views

NRPE 2.15 - Remote Code Execution Vulnerability

NRPE version 2.15 remote command execution exploit written in Python. !/usr/bin/python Exploit Title : NRPE http://www.abcompcons.com/files/nrpeclient.py pyOpenSSL Library required http://pyopenssl.sourceforge.net/ email protected pip-python install pyOpenSSL NRPE = 2.15 Remote Command Execution...

CVSS 7.5 · AI score 0.6 · EPSS 0.15312
Exploits 6