Lucene search
+L

675 matches found

CVE
CVE
added 2026/04/29 1:31 p.m.51 views

CVE-2026-42519

The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-35913

A missing permission check in Jenkins Script Security Plugin 1399.ve6a 66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26249

Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V. Really Simple Security Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple Security Pro: from n/a through 9.5.4.0...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

xygeni-action 安全漏洞

Oxyni-action is a GitHub code security scanning workflow plugin developed by Xygeni. Oxyni-action has a security vulnerability that stems from tag poisoning, which can lead to supply chain attacks, allowing attackers to execute arbitrary commands on the CI runner...

9.8CVSS6.2AI score0.00496EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:36 p.m.3 views

CVE-2026-26017

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check...

7.7CVSS5.8AI score0.00385EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/02/23 8:10 a.m.11 views

WordPress Shield Security plugin <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability

Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...

6.1CVSS5.3AI score0.00266EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 7:21 a.m.7 views

CVE-2026-0561

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.9 views

CVE-2026-0561

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS0.00198EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 4:36 a.m.24 views

CVE-2026-0561

CVE-2026-0561 affects the Shield Security plugin for WordPress up to version 21.0.8. It enables unauthenticated, reflected Cross-Site Scripting via the 'message' parameter due to insufficient input sanitization and output escaping. The impact is described as injecting arbitrary web scripts on pag...

6.1CVSS5.8AI score0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.6 views

CVE-2025-14427 Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20617

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.4 views

CVE-2026-24532 WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through =...

4.3CVSS5.9AI score0.00235EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/22 8:1 p.m.304 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

CVE-2024-10924 / Auth Bypass 2FA to RCE Exploit - Author: J...

9.8CVSS5.9AI score0.81722EPSS
Exploits21
Github Security Blog
Github Security Blog
added 2026/01/14 4:54 p.m.12 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...

7.2CVSS6.8AI score0.00407EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2026/01/14 4:54 p.m.2 views

GHSA-7CW6-7H3H-V8PF Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...

7.2CVSS6.7AI score0.00407EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.17 views

CVE-2023-4549

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...

6.1CVSS5.7AI score0.00627EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.9 views

CVE-2016-10898

The total-security plugin before 3.4.1 for WordPress has XSS...

6.1CVSS7.1AI score0.00913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.4 views

CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS...

6.1CVSS6.9AI score0.00915EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.15 views

CVE-2021-41188

Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against...

5.7CVSS6.2AI score0.00737EPSS
Exploits0References1
Rows per page
Query Builder