Lucene search
+L

14278 matches found

Nuclei
Nuclei
added 11 hours ago77 views

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS9.1AI score0.0215EPSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago19 views

Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

6.1CVSS5.4AI score0.00626EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago237 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input id: CVE-2024-41667 info: name: OpenAM=15.0.3 FreeMarker - Template Injection...

8.8CVSS7.8AI score0.03536EPSS
Exploits0References4
Nuclei
Nuclei
added 11 hours ago72 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content. id: CVE-2022-42096 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS4.8AI score0.0196EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago19 views

Push Notification for Post and BuddyPress <= 1.93 - SQL Injection

Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignalexternalid' and 'onesignalgetsubscriptionoptionsid' paramters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficie...

9.8CVSS5.7AI score0.02491EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago70 views

IBAX - SQL Injection

IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute...

8.8CVSS7.9AI score0.02241EPSS
Exploits0References4
Nuclei
Nuclei
added 11 hours ago56 views

WordPress AnyComment <0.3.5 - Open Redirect

WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...

6.1CVSS6.2AI score0.02208EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago110 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS7.1AI score0.13751EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago108 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS8.9AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago70 views

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

9.8CVSS8.7AI score0.5177EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago79 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS7.1AI score0.02268EPSS
Exploits1References2
NVD
NVD
added 2 days ago8 views

CVE-2026-53446

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl private-network checks from...

6.2CVSS0.00286EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-48357

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue...

6.2CVSS6.1AI score0.00153EPSS
Exploits0References2
CVE
CVE
added 4 days ago23 views

CVE-2026-55773

CVE-2026-55773 affects CedarJava (open‑source Cedar policy language for fine‑grained authorization). In versions &lt; 2.3.6, &lt; 3.4.1, and

8.8CVSS6.1AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 7:31 p.m.3 views

CVE-2026-55760 handlebars.java FileTemplateLoader Path Traversal

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS6.2AI score0.00414EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 5:14 p.m.3 views

DRUPAL-CONTRIB-2026-072

The Location Selector module provides a Views filter for selecting location values. One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability. This vulnerability is mitigated by the fact that a View must exist...

7.4CVSS6.1AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 2:43 p.m.5 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS6.3AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56661

Name of the Vulnerable Software and Affected Versions Location Selector versions 0.0.0 through 1.3.0 Description An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize value...

6.1AI score0.00257EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1474 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References11
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-21384

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS0.00056EPSS
Exploits0References1
Rows per page
Query Builder