Lucene search
K

2351 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43572

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb country iso', 'hb usa state iso', and 'hb canada province iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 8:16 p.m.14 views

CVE-2026-9573

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 3:45 a.m.15 views

EUVD-2026-31787

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.3CVSS4.4AI score0.00336EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 6:46 a.m.14 views

EUVD-2026-31070

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

4.3CVSS6AI score0.00168EPSS
Exploits0References7
NVD
NVD
added 2026/05/20 2:16 a.m.9 views

CVE-2026-6391

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS0.00174EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/20 1:25 a.m.16 views

EUVD-2026-31031

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.14 views

CVE-2026-6391

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References10
CVE
CVE
added 2026/05/20 1:25 a.m.21 views

CVE-2026-6391

The WordPress plugin Sentence To SEO (keywords, description and tags)

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.39 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS0.00174EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42059

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create admin page function. This makes it possible for unauthenticated attacke...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.11 views

MantisBT 1.3.0 < 2.28.2 Move Attachments Admin Page Stored XSS (GHSA-7mqj-8gj2-cg59)

The version of MantisBT installed on the remote host is 1.3.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has Stored XSS on Move Attachments Admin Page. CVE-2026-44655 Note that Nessus has not tested for this issue but has instead relied only on the...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/05/16 4:16 p.m.16 views

CVE-2021-47981

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

5.4CVSS0.00178EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.17 views

PT-2026-41467

Name of the Vulnerable Software and Affected Versions Quick.CMS version 6.7 Description An issue in the sliders form allows authenticated attackers to inject malicious scripts by submitting payloads through the sDescription parameter. This can be achieved by crafting CSRF Cross-Site Request Forge...

5.4CVSS6AI score0.00178EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/15 6:36 p.m.10 views

EUVD-2026-30599

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 6:16 a.m.25 views

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 5:38 a.m.14 views

EUVD-2026-30504

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS5.8AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.14 views

PT-2026-41265

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS6.1AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41364

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.45 views

CVE-2026-3718 ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting via 'MWP-Key-Name' Header

The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...

7.2CVSS0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:44 a.m.8 views

CVE-2026-3718

The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...

7.2CVSS6AI score0.00264EPSS
Exploits0References3
Rows per page
Query Builder