Lucene search
+L

2912 matches found

Cvelist
Cvelist
added 2026/05/12 2:19 a.m.43 views

CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.47 views

CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.14 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 9:22 p.m.23 views

CVE-2026-42195

The CVE describes a vulnerability in the draw.io client prior to version 29.7.9 where a ?gitlab= URL parameter can override the GitLab server URL used during OAuth sign-in. A crafted link can force the user’s click on the "Authorize in GitLab" dialog to open a popup on an attacker-controlled host...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 9:31 a.m.11 views

EUVD-2026-28540

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS6AI score0.00366EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/05/08 8:26 a.m.7 views

CVE-2026-7330 Auto Affiliate Links <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting via 'url' Parameter

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS6AI score0.00366EPSS
Exploits0References12
CVE
CVE
added 2026/05/08 8:26 a.m.21 views

CVE-2026-7330

The CVE-2026-7330 entry concerns the WordPress plugin Auto Affiliate Links (

7.2CVSS6AI score0.00366EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/08 8:26 a.m.48 views

CVE-2026-7330 Auto Affiliate Links <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting via 'url' Parameter

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS0.00366EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.48 views

PT-2026-37351

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.0045EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/05/01 5:29 a.m.7 views

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.5AI score0.00276EPSS
Exploits0References25
Vulnrichment
Vulnrichment
added 2026/05/01 5:29 a.m.4 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6AI score0.00276EPSS
Exploits0References24
Cvelist
Cvelist
added 2026/05/01 5:29 a.m.35 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00276EPSS
Exploits0References24
CVE
CVE
added 2026/05/01 5:29 a.m.20 views

CVE-2024-13362

CVE-2024-13362 concerns Freemius versions &lt;= 2.10.1 used in multiple WordPress plugins/themes. The flaw is a reflected DOM-based XSS via the url parameter , caused by insufficient input sanitization and output escaping. Consequences: unauthenticated attackers could cause a user to execute arbi...

6.1CVSS5.5AI score0.00276EPSS
Exploits0References24
EUVD
EUVD
added 2026/05/01 5:29 a.m.8 views

EUVD-2024-55564

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.5AI score0.00276EPSS
Exploits0References24
NVD
NVD
added 2026/04/29 9:16 a.m.5 views

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.15 views

D-Link DIR-825M 缓冲区错误漏洞

The D-Link DIR-825M is a router produced by D-Link Corporation. Version 1.1.12 of the D-Link DIR-825M contains a buffer overflow vulnerability. This vulnerability arises from the parameter submit-url in the function sub414BA8 within the file /file/boafrm/formWanConfigSetup, which leads to a buffe...

9CVSS7.8AI score0.0069EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.14 views

D-Link DIR-825M 缓冲区错误漏洞

The D-Link DIR-825M is a router produced by D-Link Corporation. Version 1.1.12 of the D-Link DIR-825M contains a buffer overflow vulnerability. This vulnerability arises from the parameter submit-url in the function sub4151FC in the file /file/boafrm/formVpnConfigSetup, which leads to a buffer...

9CVSS7.8AI score0.0069EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.9 views

CVE-2026-6983

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS4.8AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 7:0 p.m.18 views

CVE-2026-7150

The CVE-2026-7150 entry concerns dh1011 auto-favicon (MCP Tool) where the function generate_favicon_from_url in src/auto_favicon/server.py is affected. Manipulating the image_url argument enables server-side request forgery, with remote exploitation reportedly possible and the exploit publicly av...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/27 2:7 a.m.8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS5AI score0.00308EPSS
Exploits0References7
Rows per page
Query Builder