Lucene search
K

288 matches found

ATTACKERKB
ATTACKERKB
added last week10 views

CVE-2026-57278

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:30 a.m.6 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/30 4:30 a.m.8 views

EUVD-2026-40251

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/29 12:30 p.m.7 views

EUVD-2026-40082

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 12:30 a.m.8 views

EUVD-2026-38634

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References4
NVD
NVD
added 2026/06/06 4:17 a.m.12 views

CVE-2026-7796

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS0.00234EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.6 views

CVE-2019-25742

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

6.4CVSS5.7AI score0.00171EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/04 1:22 p.m.15 views

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

5.4CVSS5.7AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 1:22 p.m.8 views

EUVD-2019-20178

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

6.4CVSS5.7AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46212

Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...

5.4CVSS4.9AI score0.00171EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

WordPress plugin Zoner Real Estate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.2AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46206

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

8.6CVSS6.4AI score0.00146EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 10:16 p.m.14 views

CVE-2018-25427

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS0.00923EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 9:0 p.m.44 views

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS0.00923EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 9:0 p.m.21 views

CVE-2018-25427

CVE-2018-25427 pertains to Arm Whois 3.11, where a stack-based buffer overflow allows remote code execution by sending oversized input to the IP address or domain field. Input longer than 658 bytes with shellcode can overwrite the Structured Exception Handler, enabling command execution during pr...

9.8CVSS6.6AI score0.00923EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.35 views

CVE-2018-25423 Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

6.9CVSS0.0014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.12 views

CVE-2018-25345

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

8.6CVSS6.3AI score0.00166EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/23 6:30 p.m.14 views

EUVD-2018-21867

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

8.6CVSS6.3AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder