Lucene search
K

43302 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.53 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
NVD
NVD
added yesterday6 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday15 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
OSV
OSV
added yesterday4 views

ROOT-OS-DEBIAN-13-CVE-2025-38644 CVE-2025-38644 in rootio-linux - Patched by Root

Root has patched CVE-2025-38644 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS7.8AI score0.00147EPSS
Exploits0
Nuclei
Nuclei
added yesterday416 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS7.8AI score0.99628EPSS
Exploits13References7
Nuclei
Nuclei
added yesterday27 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS5.8AI score0.08732EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday29 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.2AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.8AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

74cms - ajax_officebuilding.php SQL Injection

A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php. id: CVE-2020-22210 info: name: 74cms - ajaxofficebuilding.php SQL Injection author: ritikchaddha severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x...

9.8CVSS6.9AI score0.08579EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday39 views

74cms - ajax_street.php 'x' SQL Injection

SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. id: CVE-2020-22208 info: name: 74cms - ajaxstreet.php 'x' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php. impact: | Successful...

9.8CVSS7AI score0.09743EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday36 views

UC Gateway Investment SiteEngine v5.0 - Open Redirect

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. id: CVE-2008-7269 info: name: UC Gateway Investment SiteEngine v5.0 - Open...

5.8CVSS6AI score0.09254EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday27 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.3AI score0.04736EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday129 views

Dahua Smart Park Management - Arbitrary File Upload

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...

9.8CVSS6.7AI score0.73525EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday35 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.3AI score0.03409EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-8403 Stored XSS in Exagate's SYSGUARD 6001

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...

6.1CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8CVSS0.00321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-6412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...

4.3CVSS5.8AI score0.00074EPSS
Exploits0References3
Rows per page
Query Builder