Lucene search
K

673 matches found

Nuclei
Nuclei
added yesterday28 views

Shield Security Plugin < 20.0.6 - Cross-Site Scripting

The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...

6.1CVSS5.9AI score0.01444EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday43 views

Registrations for the Events Calendar < 2.7.6 - SQL Injection

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. id:...

9.8CVSS7.3AI score0.07474EPSS
Exploits2References3
CVE
CVE
added last week8 views

CVE-2026-56035

Technical details about CVE-2026-56035 are not publicly provided in the supplied documents; only basic description and affected product/version are listed. Monitor for updates.

8.6CVSS5.8AI score0.00275EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 6:7 a.m.5 views

Unsafe Dependency Resolution

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

Jenkins plugins Multiple Vulnerabilities (2026-06-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References29
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36814

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

8.1CVSS5.2AI score0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/06 1:26 a.m.9 views

CVE-2026-8438 All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS5.8AI score0.00338EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.16 views

PT-2026-47122

Name of the Vulnerable Software and Affected Versions All-In-One Security AIOS – Security and Firewall plugin for WordPress versions prior to 5.4.8 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization in the get rest route function and missing output escaping in t...

7.2CVSS5.7AI score0.00338EPSS
Exploits0References15
The Hacker News
The Hacker News
added 2026/05/28 1:33 p.m.16 views

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...

9.8CVSS6.5AI score0.01456EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 12:8 a.m.7 views

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (>=2.11.1.0 <=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =0.1.0, =0.1.0, =0.2.3.10 Source cves: unknown CVE Source advisory: OSV:GHSA-22VX-2X23-98W6...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/07 12:8 a.m.5 views

GHSA-22VX-2X23-98W6 OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

2.2CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 12:8 a.m.11 views

OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

5.8AI score
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/07 12:7 a.m.8 views

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

8.8CVSS6.2AI score0.25779EPSS
Exploits1References18
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.23 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/29 2:16 p.m.40 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 1:31 p.m.38 views

EUVD-2026-26220

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 1:31 p.m.48 views

CVE-2026-42519

The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/29 1:31 p.m.4 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.69 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

0.00174EPSS
Exploits0References1
Rows per page
Query Builder