Lucene search
K

4967 matches found

Nuclei
Nuclei
added 8 hours ago59 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS6.1AI score0.01175EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago139 views

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

6.1CVSS6.5AI score0.10358EPSS
Exploits5References5
Nuclei
Nuclei
added 8 hours ago62 views

Show all comments < 7.0.1 - Cross-Site Scripting

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. id: CVE-2022-4295 info: name: Show all commen...

6.1CVSS6.4AI score0.00897EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago99 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS6.1AI score0.01204EPSS
Exploits3References5
CVE
CVE
added yesterday17 views

CVE-2026-46637

CVE-2026-46637 concerns Twig (PHP template engine). Before 3.26.0, the filters in twig/markdown-extra (html_to_markdown, markdown_to_html) and twig/cssinliner-extra (inline_css) were registered with is_safe =&gt; [all], causing their output to be treated as safe in contexts where escaping is requ...

5.1CVSS6.1AI score0.0006EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday36 views

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...

8.2CVSS7AI score0.25869EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-61426

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-61426 PraisonAI before 1.7.3 Unauthenticated Agent Access via Insecure Defaults

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS0.00322EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43176

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-10865

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS0.0037EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-43152

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43090

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

6.1AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00414EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15087

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

5.9CVSS0.00392EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-11915

The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...

5.9CVSS6.1AI score0.00192EPSS
Exploits0References1
Metasploit
Metasploit
added 5 days ago23 views

FTP Fetch, Windows Command Shell, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/ftp/x86/shell/reversetcpallports msf payloadreversetcpallports show actions ...actions...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago21 views

FTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/ftp/x86/patchupdllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

6.2AI score
Exploits0
Rows per page
Query Builder