106789 matches found
EUVD-2024-55564
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
EUVD-2026-26479
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
Exploit for CVE-2026-31431
CVE-2026-31431 / GHSA-2274-3hgr-wxv6 ā algifaead Remediator...
PT-2026-36547
Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the format plugins function located in the...
CVE-2025-69606
Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...
EUVD-2025-209607
Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...
TOTOLINK NR1800X ę³Øå „ę¼ę“
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a vulnerability that stems from the operation of the...
PT-2026-36548
Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...
Kompany MCP Server å½ä»¤ę³Øå „ę¼ę“
Kompany MCP Server is a collaboration tool for Eyal Individual Developers that connects an AI assistant to a task management platform. Kompany MCP Server suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter devscript in the file...
TOTOLINK A8000RU å½ä»¤ę³Øå „ę¼ę“
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from an unknown function in the CGI Handler component file /cgi-bin/cstecgi.cgi, which manipulates th...
CVE-2025-69606
Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...
CVE-2026-3346
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Exploit for CVE-2026-31431
CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script Dete...
Exploit for CVE-2026-41940
cpanel-cve-2026-41940-fix One-shot detection and remediatio...
CVE-2026-36761
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
Exploit for CVE-2026-31431
CVE-2026-31431 - Script de Verificacao e Mitigacao Este repos...
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail Checker Verifica si un host Linux...
Exploit for CVE-2026-31431
Copy Fail - CVE-2026-31431 Detector and Mitigator !Bashhtt...
Exploit for CVE-2026-31431
CVE-2026-31431-exploitpy2py3 A script...