Lucene search
K

8 matches found

EUVD
EUVD
added 2026/03/24 6:52 p.m.9 views

EUVD-2026-14182

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

8.8CVSS5.8AI score0.00428EPSS
Exploits5References18
OSV
OSV
added 2026/03/19 12:45 p.m.2 views

GHSA-W5FF-2MJC-4PHC AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

Summary The uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacker can influence the LinkedIn API response via MITM, compromis...

5.9CVSS6.2AI score0.00323EPSS
Exploits1References4
OSV
OSV
added 2024/10/01 9:15 a.m.4 views

CVE-2024-9228

The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.5 views

PT-2024-39084 · WordPress · The Pixel Cat – Conversion Pixel Manager

Name of the Vulnerable Software and Affected Versions: The Pixel Cat – Conversion Pixel Manager plugin for WordPress versions up to, and including, 3.0.5 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...

6.1CVSS7AI score0.00494EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.4 views

Jenkins Plugin Edgewall Trac Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.4CVSS6AI score0.00459EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.3 views

WordPress plugin RapidExpCart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.7AI score0.00239EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.4 views

SUSE CVE-2004-1177

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

4.3CVSS6AI score0.01782EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.3 views

WordPress plugin Classified Listing Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.1CVSS5.9AI score0.00557EPSS
Exploits2References2
Rows per page
Query Builder