Lucene search
K

6596 matches found

Nuclei
Nuclei
added 5 hours ago10 views

Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Skitter Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. id: CVE-2025-28906 info: name: Skitter Slideshow = 2.5.2 - Authenticated Administrator+ Stored Cross-Site...

5.9CVSS7.1AI score0.00492EPSS
Exploits0References3
Nuclei
Nuclei
added 5 hours ago95 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS6.1AI score0.08761EPSS
Exploits1References5
Cvelist
Cvelist
added yesterday15 views

CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-14342

The Mail Mint WordPress plugin (Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails) is affected up to version 1.24.2 by a time-based SQL Injection via the contact_ids parameter. The root cause is insufficient escaping of user input and lack of proper SQL query preparat...

4.9CVSS6AI score0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday11 views

CVE-2026-13080 WPFunnels <= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via 'logKey' Parameter

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...

6.6CVSS0.0071EPSS
Exploits0References10
NVD
NVD
added 2 days ago7 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-12041

Chatra Live Chat + ChatBot + Cart Saver (WordPress) is affected up to version 1.0.12. It is vulnerable to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. Authenticated attackers with Administrator+ privileges can inject scripts executed o...

4.4CVSS6AI score0.00193EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software enables an authenticated...

8.5CVSS6.3AI score
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-55077

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the PUT /api/v2/users/user/password endpoint authorized only ActionUpdatePersonal and did not prevent a user-admin from resetting an owner account's passwor...

7.2CVSS0.00615EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-58468

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References5
OSV
OSV
added 3 days ago3 views

PYSEC-2026-2007 vantage6 collaboration admins can extend their influence by expanding the collaboration

Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...

2.7CVSS6AI score0.00316EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-33734

Summary: CVE-2026-33734 affects FOSSBilling. Versions 0.6.0–0.7.2 contain an SQL injection in the Massmailer module’s recipient filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing untrusted input to be interpolated dire...

6.9CVSS6AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added last week9 views

EUVD-2026-41556

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 1:28 a.m.17 views

CVE-2026-12920

The vulnerability affects the WordPress plugin GDPR Cookie Consent (WPLP Cookie Consent) for all versions up to and including 4.3.5. It is a generic SQL Injection via the 's' parameter caused by insufficient escaping and lack of proper SQL query preparation. Validated impact: authenticated attack...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55550

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the ClientResource component of the admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator with limited control...

5.4CVSS6AI score0.00146EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.35 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 6:16 a.m.11 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.0024EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:30 a.m.6 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References10
Rows per page
Query Builder