Lucene search
K

600 matches found

Nuclei
Nuclei
added 13 hours ago11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
CVE
CVE
added yesterday17 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/02 11:16 a.m.11 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-434 Remote unauthenticated attackers able to upload files in Onionshare

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...

9.8CVSS7.2AI score0.0232EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-270 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...

9.8CVSS7.4AI score0.03944EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:0 a.m.5 views

CVE-2026-51219

A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...

6AI score0.00348EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:17 p.m.32 views

CVE-2026-46733

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39363

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.17 views

CVE-2026-54821

The CVE-2026-54821 entry concerns the WordPress Visual Link Preview plugin, affected versions are

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/18 6:0 p.m.7 views

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.3AI score0.00105EPSS
Exploits0
NVD
NVD
added 2026/06/17 10:16 p.m.15 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 12:58 p.m.6 views

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions = 2.3.1...

7.4CVSS5.8AI score0.00264EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36988

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

6.5CVSS5.1AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48889

Subscriber Privilege Escalation in Amelia = 2.3 versions...

8.8CVSS0.00378EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2025-68851

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.20 views

CVE-2025-68851

CVE-2025-68851 refers to the WordPress Okay Toolkit plugin (&lt;= 2.3) and describes an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was identified by Skalucy. The provided documents do not specify the exact vulnerable input, affected product version(s) be...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49351

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 8:7 p.m.9 views

GHSA-P5J5-4J3Q-8MQ8 TYPO3 HTML Sanitizer allows Cross-site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2. Credits to Doyensec in collaboration with Claude and Anthropic Research for reporting this vulnerability...

5.1CVSS5AI score0.00366EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/11 6:55 p.m.15 views

EUVD-2026-36301

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

8.1CVSS5.5AI score0.00197EPSS
Exploits0References3
Rows per page
Query Builder