Lucene search
+L

14 matches found

Cvelist
Cvelist
added 2026/05/10 11:45 p.m.72 views

CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

4.8CVSS0.00253EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.5 views

CVE-2026-24362

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability

Cross-Site Request Forgery in XclonerRemoteStorage:save vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions = 4.8.2...

4.3CVSS5.9AI score0.00106EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.5 views

CVE-2025-63060 WordPress KALLYAS theme < 4.25.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through 4.25.0...

4.3CVSS5.1AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.7 views

CVE-2025-59585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.0...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.16 views

CVE-2025-30939

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...

5.9CVSS5.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:41 a.m.9 views

CVE-2023-48278

Cross-Site Request Forgery CSRF vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

7.1CVSS7AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.9 views

CVE-2023-39649

Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” tvcmscategoryslider up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions...

9.8CVSS8AI score0.00535EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.6 views

CVE-2025-30898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mahdi Yousefi MahdiY افزونه حمل و نقل ووکامرس پست پیشتاز و سفارشی، پیک موتوری persian-woocommerce-shipping allows Stored XSS.This issue affects افزونه حمل و نقل ووکامرس پست پیشتاز و سفارشی، پیک...

6.5CVSS7.2AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/15 9:57 p.m.7 views

CVE-2025-26886 WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PublishPress PublishPress Authors publishpress-authors allows SQL Injection.This issue affects PublishPress Authors: from n/a through = 4.7.3...

7.6CVSS8.9AI score0.00331EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/30 12:41 p.m.7 views

WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.4.5...

6.1CVSS7AI score0.00258EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.14 views

PT-2024-19643 · WordPress · Animated Headline

Name of the Vulnerable Software and Affected Versions: Animated Headline plugin for WordPress versions up to, and including, 4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'animated-headline' shortcode. This allows...

6.4CVSS9.4AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.5 views

RackN Digital Rebar 安全漏洞

RackN Digital Rebar is a platform from RackN, Inc. extends IaC automation with reusable workflows that can be deployed on any platform. A security vulnerability exists in RackN Digital Rebar versions 4.6.14 and earlier, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through...

9.8CVSS8.4AI score0.00692EPSS
Exploits0References3
OSV
OSV
added 2021/09/10 2:15 p.m.7 views

CVE-2021-38330

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...

6.1CVSS5.8AI score0.00938EPSS
Exploits1References2
Rows per page
Query Builder