Lucene search
K

21261 matches found

Nuclei
Nuclei
added 5 hours ago11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago60 views

Joplin 3.3.3 Server - Privilege Escalation

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...

8.8CVSS6AI score0.01705EPSS
Exploits1References2
CVE
CVE
added yesterday7 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score
Exploits0References7
Circl
Circl
added yesterday4 views

CVE-2026-57719

creationtimestamp| type| source ---|---|--- 2026-07-13 11:20:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjl4ur7zb2b 2026-07-13 11:23:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjlchorxn24 2026-07-13 11:29:15+00:00| seen|...

10CVSS6.1AI score0.00522EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-57726

creationtimestamp| type| source ---|---|--- 2026-07-13 11:18:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkzjborp27 2026-07-13 11:18:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjl23jjqs2w 2026-07-13 11:22:05+00:00| seen|...

9.3CVSS6.1AI score0.004EPSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00314EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00522EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57391

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Stored XSS.This issue affects JobSearch: from n/a through = 3.2.9...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...

7.1CVSS0.00251EPSS
Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2026-10103

creationtimestamp| type| source ---|---|--- 2026-07-13 09:48:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfz3xeav2g 2026-07-13 09:49:50+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjg3ih5wi2l 2026-07-13 09:49:51+00:00| seen|...

4.3CVSS6.1AI score0.00145EPSS
Exploits0References5
Circl
Circl
added yesterday4 views

CVE-2026-9708

creationtimestamp| type| source ---|---|--- 2026-07-13 09:41:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjflymjrr25 2026-07-13 09:51:01+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjg5lvm5z2d 2026-07-13 09:51:01+00:00| seen|...

4.9CVSS6.1AI score0.0021EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-6850

creationtimestamp| type| source ---|---|--- 2026-07-13 09:38:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfgfdc4x26 2026-07-13 09:48:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjfycu6co22 2026-07-13 09:48:06+00:00| seen|...

6.5CVSS6.1AI score0.00235EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-57391 WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57734

The CVE concerns WordPress tagDiv Composer (td-composer). Affected: tagDiv Composer

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder