Lucene search
K

30401 matches found

Nuclei
Nuclei
added 7 hours ago127 views

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

6.1CVSS6.4AI score0.06788EPSS
Exploits3References5
Nuclei
Nuclei
added 7 hours ago14 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS6.2AI score0.02056EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago11 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

6.1CVSS6.7AI score0.00997EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago68 views

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

6.1CVSS6.8AI score0.06156EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago36 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6.2AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added 7 hours ago47 views

WPMobile.App <= 11.56 - Open Redirect

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...

7.2CVSS7AI score0.0074EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago11 views

Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting

WPMobile.App versions up to 11.41 contain a reflected cross-site scripting XSS caused by improper input neutralization during web page generation, letting attackers execute scripts in the victim's browser, exploit requires attacker to craft malicious input. id: CVE-2024-35694 info: name: Wordpres...

7.1CVSS6AI score0.00668EPSS
Exploits0References1
Nuclei
Nuclei
added 7 hours ago58 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
OSV
OSV
added 12 hours ago3 views

MAL-2026-10522 Malicious code in flick-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 12 hours ago7 views

Malicious code in flick-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-62197

creationtimestamp| type| source ---|---|--- 2026-07-13 22:46:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkricfkio2z...

8.5CVSS6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday5 views

CVE-2026-62184

CVE-2026-62184 affects the OpenWrt luci-app-banip component. The issue is a log-parsing vulnerability in an awk-based parser that always extracts the first IPv4 address from a log line, regardless of its actual field position. An unauthenticated remote attacker can inject an IP address via attack...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday17 views

CVE-2026-62184 luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS
Exploits0References3
The Hacker News
The Hacker News
added yesterday10 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
OSV
OSV
added yesterday3 views

MAL-2026-10447 Malicious code in remarkable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 464cab930bcf948abf49517f78a3ee1abb8b89c8f9c90f199bd3446c902d8e1e The package's preinstall script runs index.d.js, which reconstructs the identifier 'eval' from a character-code array 101,118,97,108 and base64-decod...

6.2AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-57380

creationtimestamp| type| source ---|---|--- 2026-07-13 10:51:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjjj2oxcw2a 2026-07-13 18:59:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkesk5dve2i...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Rows per page
Query Builder