594 matches found

Nuclei
added 12 hours ago, 8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting vulnerability caused by a lack of sanitization and escaping of a parameter before it is output in the page, letting attackers execute malicious scripts in the context of high-privilege users. Exploitation requires the attacker to craft a...

CVSS 6.1 | AI score 7.2 | EPSS 0.00561
Exploits: 1 | References: 2

Cvelist
added 2 days ago, 30 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions...

CVSS 7.5 | EPSS 0.00294
Exploits: 0 | References: 1

Cvelist
added 3 days ago, 29 views

CVE-2026-46733

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVSS 7.8 | EPSS 0.00101
Exploits: 0 | References: 1

EUVD
added 3 days ago, 5 views

EUVD-2026-39363

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions...

CVSS 7.4 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 1

CVE
added 3 days ago, 14 views

CVE-2026-54821

The CVE-2026-54821 entry concerns the WordPress Visual Link Preview plugin, affected versions are

CVSS 7.4 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Atom Integrated System Info v22 for DCN35 A new request from KMD/VBIOS is to support a new UMA carveout model. This resolves a null dereference issue when accessing Ctx-dcbios-integratedinfo, as this variable...

CVSS 5.5 | AI score 6.3 | EPSS 0.00227
Exploits: 0 | References: 2

Debian CVE
added 2026/06/18 6:00 p.m., 6 views

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

CVSS 6.7 | AI score 5.3 | EPSS 0.00105
Exploits: 0

NVD
added 2026/06/17 10:16 p.m., 12 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

CVSS 7.1 | EPSS 0.00747
Exploits: 0 | References: 2

Patchstack
added 2026/06/17 12:58 p.m., 6 views

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions <= 2.3.1...

CVSS 7.4 | AI score 5.8 | EPSS 0.00264
Exploits: 0 | Affected Software: 1

EUVD
added 2026/06/15 9:30 p.m., 6 views

EUVD-2026-36988

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

CVSS 6.5 | AI score 5.1 | EPSS 0.00242
Exploits: 0 | References: 2

NVD
added 2026/06/15 9:17 p.m., 6 views

CVE-2026-48889

Subscriber Privilege Escalation in Amelia = 2.3 versions...

CVSS 8.8 | EPSS 0.00378
Exploits: 0 | References: 1

NVD
added 2026/06/15 9:16 p.m., 7 views

CVE-2025-68851

Unauthenticated Cross Site Scripting XSS in Okay Toolkit <= 2.3 versions...

CVSS 7.1 | EPSS 0.00186
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:17 p.m., 16 views

CVE-2025-68851

CVE-2025-68851 refers to the WordPress Okay Toolkit plugin (<= 2.3) and describes an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was identified by Skalucy. The provided documents do not specify the exact vulnerable input, affected product version(s) be...

CVSS 7.1 | AI score 5.1 | EPSS 0.00186
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/15 12:00 a.m., 7 views

PT-2026-49351

Unauthenticated Cross Site Scripting XSS in Okay Toolkit <= 2.3 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00186
Exploits: 0 | References: 2

OSV
added 2026/06/12 8:07 p.m., 8 views

GHSA-P5J5-4J3Q-8MQ8 TYPO3 HTML Sanitizer allows Cross-site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2. Credits to Doyensec in collaboration with Claude and Anthropic Research for reporting this vulnerability...

CVSS 5.1 | AI score 5 | EPSS 0.00366
Exploits: 0 | References: 6

EUVD
added 2026/06/11 6:55 p.m., 10 views

EUVD-2026-36301

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

CVSS 8.1 | AI score 5.5 | EPSS 0.00197
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/11 12:00 a.m., 11 views

PT-2026-48727

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.3.17. Description: The company logo upload feature lacks validation for uploaded file types. An authenticated administrator can upload an SVG file containing base64-encoded JavaScript. This script is injected...

CVSS 8.1 | AI score 4.9 | EPSS 0.0031
Exploits: 0 | References: 6

CVE
added 2026/06/09 7:49 a.m., 23 views

CVE-2026-11616

The CVE pertains to the WordPress plugin Events Calendar for GeoDirectory, affected in versions up to and including 2.3.28. The root cause is an ajax_ayi_action() path that applies strip_tags(esc_sql()) without an allow-list to attacker-controlled POST values, forwarding them to update_ayi_data()...

CVSS 8.8 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 4

Patchstack
added 2026/06/08 1:00 p.m., 8 views

WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated (Custom+) Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions <= 2.3.23...

CVSS 6.4 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/06/08 12:06 p.m., 9 views

EUVD-2026-35053

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVSS 8.5 | AI score 5.2 | EPSS 0.0014
Exploits: 0 | References: 1