
8 matches found

EUVD
added yesterday | 8 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.5 | EPSS 0.00235
Exploits: 0 | References: 9
Positive Technologies
added 2026/03/26 12:0 a.m. | 7 views

PT-2026-28184

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare object for database' function. This makes it possible for...

CVSS 9.8 | AI score 5.8 | EPSS 0.00353
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/06 3:21 a.m. | 3 views

CVE-2025-13746 ForumWP – Forum & Discussion Board <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 4.7 | EPSS 0.00188
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/10 5:27 a.m. | 2 views

CVE-2025-13604

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

CVSS 7.2 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 1
Patchstack
added 2025/03/28 12:54 p.m. | 4 views

WordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Microblog Poster versions <= 2.1.6...

CVSS 7.1 | AI score 6.1 | EPSS 0.00109
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/02/26 12:0 a.m. | 3 views

SunGrow iSolarCloud Security Vulnerability

SunGrow iSolarCloud is an Android app for new-energy power plant management from the Chinese company SunGrow. It is used for power plant data collection, monitoring, operation and maintenance, and operation management. A security vulnerability exists in SunGrow iSolarCloud Android app version...

CVSS 7.4 | AI score 6.6 | EPSS 0.00219
Exploits: 0 | References: 3
Patchstack
added 2025/01/21 10:56 p.m. | 3 views

WordPress WP Hotel Booking plugin <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval vulnerability

Missing Authorization to Authenticated (Subscriber+) User Email Retrieval vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Hotel Booking versions <= 2.1.6...

CVSS 4.3 | AI score 7 | EPSS 0.00332
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/05/06 12:0 a.m. | 2 views

Apache Syncope Code Injection Vulnerability

Apache Syncope is an open source digital identity management system from the Apache Foundation in the United States, for use in enterprise environments. The system supports identity management, role configuration and more. A code injection vulnerability exists in Apache Syncope versions prior to...

CVSS 9.8 | AI score 7.9 | EPSS 0.04821
Exploits: 0 | References: 1