Lucene search
K

2429 matches found

Nuclei
Nuclei
added yesterday103 views

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

6.9CVSS6.2AI score0.45681EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-7620

CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
NVD
NVD
added 4 days ago8 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00243EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is affected by CVE-2026-15292: Stored Cross-Site Scripting via the background parameter in the sudoku-sc shortcode, in all versions up to and including 1.0.0. Exploitation requires authenticated access at Contributor level or higher, enabling an attacker ...

6.4CVSS6.1AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42801

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15292 Sudoku Shortcode <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00243EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in chai-defender (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f276305fd5e43b60bbfd1048d8792ef7f72734c28cfe533d368c0fc199a0fe On require'chai-defender', index.js invokes launchDeflectBootstrap which spawns a detached background node process running lib/caller.js. That proces...

6.5AI score
Exploits0References7
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42559

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
CVE
CVE
added 5 days ago12 views

CVE-2026-13441

EventPrime – Events Calendar, Bookings and Tickets for WordPress is affected by a stored cross-site scripting (Stored XSS) in the new_event_type_background_color parameter, present in all versions up to and including 4.3.4.2. The vulnerability arises from insufficient input sanitization and outpu...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago17 views

Malicious code in tslint-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31b464b1646f8e2d36ce68a86af599cc49d5381f08af70302ff01f42957234a1 The package presents itself as the pino logger README, index.d.ts, docs/, and lib/ files all reference pinojs/pino but is published under the unrelat...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/06 5:29 p.m.7 views

GHSA-JHHC-3HCP-QHM5 WeasyPrint has CSS Injection via Presentational Hints

Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...

6.5CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/07/03 8:16 a.m.6 views

CVE-2026-8351

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS0.00245EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/03 6:50 a.m.40 views

CVE-2026-8351 RTMKit <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget 'Background Text' Parameter

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS0.00245EPSS
Exploits0References9
CVE
CVE
added 2026/07/03 6:50 a.m.15 views

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

6.4CVSS6.1AI score0.00245EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.8 views

CVE-2026-8351

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score0.00245EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/03 6:50 a.m.6 views

EUVD-2026-41512

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score0.00245EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.7 views

SUSE CVE-2026-53040

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

6.2CVSS5.8AI score0.00122EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38908

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

5.7AI score0.00122EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:13 a.m.8 views

Malicious code in hardhat-test-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 741350b4472a82c53151793b413166a5fad36af3d2d14fa1d12afba9eccb9fed Package impersonates the well-known eth-gas-reporter / hardhat-gas-reporter packages: README is titled 'eth-test-log', copies badges and contributor...

6.4AI score
Exploits0References4
Rows per page
Query Builder