Lucene search
K

3149 matches found

Nuclei
Nuclei
added yesterday100 views

WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...

8.8CVSS7.4AI score0.20813EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday60 views

WatchGuard Fireware AD Helper Component - Credentials Disclosure

WatchGuard Fireware Threat Detection and Response TDR service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. id: CVE-2020-10532 info: name: WatchGuard Fireware ...

7.5CVSS7AI score0.02762EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday40 views

WordPress Ad Inserter <2.7.10 - Cross-Site Scripting

WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...

6.1CVSS6.4AI score0.02389EPSS
Exploits2References4
NVD
NVD
added 2 days ago3 views

CVE-2026-57693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57693

CVE-2026-57693 concerns the WordPress Ad Inserter plugin (versions up to and including 2.8.11). The issue is an Improper Neutralization of Input During Web Page Generation (XSS) that allows exploitation via incorrectly configured access control. Affected component: Ad Inserter (WordPress plugin)....

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57693 WordPress Ad Inserter plugin <= 2.8.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS0.00161EPSS
Exploits0References1
NCSC
NCSC
added 2 days ago6 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

MAL-2026-10390 Malicious code in timmytuffknuckles9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342d7a44db99769023685647376a6042d5a9b345c281826484c9d88561f245ca Package is not a Node library — package.json declares main: sw.js, a browser Service Worker whose first line calls importScripts'./8cfc2/hgshm.js'...

6.2AI score
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59269 Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

Progress MOVEit Transfer < 2025.0.8 / 2025.1.0 < 2025.1.4 / 2026.0.0 < 2026.0.1 Multiple Vulnerabilities

The version of Progress MOVEit Transfer installed on the remote host is prior to 2025.0.8, 2025.1.x prior to 2025.1.4, or 2026.0.x prior to 2026.0.1. It is, therefore, affected by multiple vulnerabilities: - Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress...

8CVSS6.1AI score0.00442EPSS
Exploits0References4
Patchstack
Patchstack
added last week5 views

WordPress Ad Inserter plugin <= 2.8.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Ad Inserter versions = 2.8.11...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
NVD
NVD
added last week7 views

CVE-2026-11903

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added last week9 views

EUVD-2026-42280

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS5.9AI score0.00275EPSS
Exploits0References1
CVE
CVE
added last week21 views

CVE-2026-11903

CVE-2026-11903 is a stored XSS in the Progress MOVEit Transfer (Ad Hoc module). The issue arises from improper neutralization of input during web page generation. Affects MOVEit Transfer versions: 2026.0.0 before 2026.0.1; 2025.1.0 before 2025.1.4; 2025.0.0 before 2025.0.8. CVSS v3.1 base score 8...

8CVSS5.9AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56456

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2026.0.0 through 2026.0.0 MOVEit Transfer versions 2025.1.0 through 2025.1.3 MOVEit Transfer versions 2025.0.0 through 2025.0.7 Description Stored cross-site scripting XSS occurs in the Ad Hoc module due to improper...

8CVSS5.8AI score0.00275EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:12 a.m.6 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score0.00501EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 6:25 a.m.5 views

MAL-2026-6910 Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 6:25 a.m.7 views

Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-14476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
Rows per page
Query Builder