Lucene search
K

12763 matches found

OSV
OSV
added 2026/06/08 12:51 p.m.9 views

GHSA-HW9R-6M78-W6H3 GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/08 12:51 p.m.13 views

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/08 2:16 a.m.13 views

CVE-2021-47982

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 2:16 a.m.12 views

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 1:55 a.m.49 views

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 1:55 a.m.11 views

EUVD-2021-34850

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.9 views

CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/08 1:55 a.m.12 views

EUVD-2021-34849

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 1:55 a.m.23 views

CVE-2021-47982

Summary: CVE-2021-47982 affects WordPress plugin WP-Paginate 2.1.3 with a stored XSS via the preset parameter. Authenticated attackers can submit payloads in the preset field through the plugin settings page; payloads are stored and later executed when administrators view the settings. The record...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 1:55 a.m.48 views

CVE-2021-47982 WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 1:55 a.m.13 views

EUVD-2021-34848

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:55 a.m.9 views

CVE-2021-47982

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47230

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

OpenVPN 安全漏洞

OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...

6.9CVSS5.3AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

WordPress plugin WP-Paginate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.1AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

WordPress plugin Recipe Card Blocks Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

OpenBullet2 路径遍历漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a path traversal vulnerability. This vulnerability originated from the wordlist endpoint’s path traversal flaw, which could allow authenticat...

8.8CVSS6.7AI score0.00566EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 12:31 a.m.10 views

EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin LearnPress – Backup & Migration Tool 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.9CVSS5.4AI score0.00646EPSS
Exploits0References9
Rows per page
Query Builder