18115 matches found

Nuclei
added 16 hours ago, 30 views

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting.

```yaml
id: CVE-2022-25323
info:
  name: ZEROF Web Server 2.0 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting.
  impact: |
    Successful exploitation of this...
```

CVSS 6.1, AI score 5.8, EPSS 0.03245
Exploits: 2, References: 5

Nuclei
added 16 hours ago, 29 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.

```yaml
id: CVE-2019-10475
info:
  name: Jenkins build-metrics 1.3 - Cross-Site Scripting
  author: madrobot
  severity...
```

CVSS 6.1, AI score 6.4, EPSS 0.57735
Exploits: 5, References: 5

Nuclei
added 16 hours ago, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.

```yaml
id: CVE-2020-20988
info:
  name: DomainMOD 4.13.0 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    DomainMOD 4.13.0 is vulnerable to...
```

CVSS 5.4, AI score 5.9, EPSS 0.01331
Exploits: 1, References: 2

Nuclei
added 16 hours ago, 28 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin to click a link to run...

CVSS 6.1, AI score 6.1, EPSS 0.01905
Exploits: 2, References: 5

Nuclei
added 16 hours ago, 36 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

CVSS 6.1, AI score 6.6, EPSS 0.01092
Exploits: 2, References: 2

Circl
added 21 hours ago, 8 views

CVE-2026-48746

creationtimestamp | type | source
---|---|---
2026-06-23 00:20:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow4wr4po422
2026-06-23 02:39:02+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moweoh5uiy2r...

CVSS 9.1, AI score 5.8, EPSS 0.00075
Exploits: 0, References: 2

Circl
added yesterday, 5 views

CVE-2026-7167

creationtimestamp | type | source
---|---|---
2026-06-22 16:12:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movbo42pdw22...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 1

Nuclei
added yesterday, 61 views

WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection

WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...

CVSS 9.8, AI score 7.4, EPSS 0.09792
Exploits: 2, References: 5

Nuclei
added yesterday, 23 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.

```yaml
id: CVE-2018-12054
info:
  name: Schools Alert Management Script - Arbitrary File Read
  author: wisnupramoedya
  severity: high
  description: Schools Alert...
```

CVSS 7.5, AI score 7.2, EPSS 0.39391
Exploits: 4, References: 5

Circl
added 4 days ago, 6 views

CVE-2019-25752

creationtimestamp | type | source
---|---|---
2026-06-19 19:39:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moo3tltjt42z...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 1

NVD
added 4 days ago, 9 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVSS 8.8
Exploits: 0, References: 4

EUVD
added 4 days ago, 3 views

EUVD-2017-18987

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 4

CVE
added 4 days ago, 13 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 4

Cvelist
added 4 days ago, 35 views

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVSS 8.8
Exploits: 0, References: 4

Circl
added 4 days ago, 7 views

CVE-2022-50971

creationtimestamp | type | source
---|---|---
2026-06-19 15:41:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3monojsvcmw2k...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 1

Circl
added 4 days ago, 7 views

CVE-2016-20093

creationtimestamp | type | source
---|---|---
2026-06-19 15:23:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3monnjjbmqj2k...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 1

Circl
added 4 days ago, 6 views

CVE-2026-50195

creationtimestamp | type | source
---|---|---
2026-06-19 01:31:49+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mom72udh7u25
2026-06-19 09:11:46+00:00 | seen | https://bsky.app/profile/canartuc.com/post/3momyrcpuo42y
2026-06-19 10:03:46+00:00 | seen |...

AI score 5.8
Exploits: 0, References: 4

Circl
added 4 days ago, 9 views

CVE-2026-49454

creationtimestamp | type | source
---|---|---
2026-06-19 01:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116774182978943000
2026-06-19 01:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mom6ygyknu2x...

CVSS 9.1, AI score 5
Exploits: 0, References: 2

Circl
added 5 days ago, 7 views

CVE-2026-54223

creationtimestamp | type | source
---|---|---
2026-06-18 05:55:00+00:00 | seen | https://cert.pl/en/posts/2026/06/CVE-2026-54219
2026-06-18 16:08:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mol7lg5tfb27...

CVSS 8.6, AI score 4.9, EPSS 0.00628
Exploits: 0, References: 2

EUVD
added 6 days ago, 7 views

EUVD-2026-37584

Apache DolphinScheduler allows authenticated users to access alert instances associated with alert groups they do not have permission to access. This issue affects Apache DolphinScheduler before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVSS 6.5, AI score 5.4, EPSS 0.00584
Exploits: 0, References: 3