Lucene search
K

119 matches found

Nuclei
Nuclei
added 15 hours ago9 views

AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

6.1CVSS6AI score0.00521EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago12 views

WP DeskLite - Reflected XSS

WP DeskLite WordPress plugin through 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12724 info: name: WP DeskLite - Reflected XSS...

6.1CVSS6AI score0.00521EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago8 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago8 views

Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting

Dyn Business Panel WordPress plugin = 1.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter in output, letting attackers execute scripts in the context of high privilege users, exploit requires victim to click a malicious link. id: CVE-2024-130...

7.1CVSS7.1AI score0.00522EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago14 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7.1AI score0.00561EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago5 views

OWL Carousel Slider - Cross-Site Scripting

OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13627 info:...

4.7CVSS7.2AI score0.00805EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago10 views

Widget4Call WordPress - Cross-Site Scripting

Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...

5.4CVSS7.2AI score0.00674EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago11 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.1AI score0.00561EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 9:40 a.m.8 views

CVE-2026-6658

The CVE-2026-6658 issue affects jupyter/nbconvert versions &lt;= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 8:17 p.m.13 views

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.33 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS0.00119EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 2:42 p.m.43 views

CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:42 p.m.18 views

CVE-2026-44972

GuardDog (CLI) versions 2.6.0–2.9.0 output attacker-controlled filenames, file locations, messages, and code snippets without escaping terminal control characters. This allows injection of ANSI/OSC escape sequences into analyst terminals or CI logs, enabling terminal manipulation or spoofed outpu...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:42 p.m.10 views

CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.9 views

CVE-2026-45318

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 2:43 p.m.6 views

GHSA-M5P4-GVPX-4MVR GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...

5CVSS5.8AI score0.00113EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/11 2:43 p.m.16 views

GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...

5CVSS5.8AI score0.00113EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/09 9:16 p.m.14 views

CVE-2026-40112

PraisonAI (multi-agent system) is affected by a Stored XSS in the Flask API before version 4.5.128. The /src/praisonai/api.py endpoint renders agent output as HTML using a _sanitize_html routine that relies on the nh3 library, which is not declared as a required/optional dependency in pyproject.t...

6.1CVSS6AI score0.00216EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31781

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitize html function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

5.4CVSS6AI score0.00216EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 3:6 p.m.55 views

CVE-2026-35515

NestJS/core (@nestjs/core) contains a vulnerability in SseStream._transform() where un sanitized interpolation of upstream data into SSE output allows an attacker to inject arbitrary SSE events, spoof event types, and corrupt reconnection state. The issue arises from inserting message.type and me...

6.3CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder