Lucene search
K

3723 matches found

Nuclei
Nuclei
added yesterday80 views

AVM FRITZ!Box 7530 AX - Unauthorized Access

An access control issue in the component /juisboxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54767 info: name: AVM FRITZ!Box 7530 AX - Unauthorized Access author: DhiyaneshDK severity: high description: | An access...

7.5CVSS6AI score0.01787EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday79 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.7AI score0.00972EPSS
Exploits2References3
CVE
CVE
added yesterday8 views

CVE-2026-11390

Vulnerability summary (CVE-2026-11390): News Kit Addons For Elementor (WordPress) versions up to 1.4.6 are affected by a stored cross-site scripting (XSS) flaw in the Site Logo Title and Single Author Box widgets. The root cause is insufficient input sanitization and output escaping. Exploitation...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
EUVD
EUVD
added yesterday5 views

EUVD-2026-43611

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
Cvelist
Cvelist
added yesterday12 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
NVD
NVD
added 2 days ago3 views

CVE-2026-57420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through = 2.1.5...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57420 WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP Lens: from n/a through = 2.1.5...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57420

CVE-2026-57420 concerns a Stored XSS in the WordPress plugin Author Box WP Lens (component: author-box-for-divi). The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected range is WordPress users running versions

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 5 days ago10 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-13710 Jeg Kit for Elementor <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_body_description' Parameter via 'jkit_image_box' Shortcode/Widget

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
NVD
NVD
added 6 days ago6 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

8.1CVSS0.00448EPSS
Exploits0References4
NVD
NVD
added 6 days ago10 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-58378

CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2025-45422

The CVE-2025-45422 entry concerns Proximus b-box v8c.725A and describes an Incorrect access control vulnerability. According to the sources, authenticated attackers can bypass normal restrictions and make arbitrary changes to port forwarding rules. The NVD metrics indicate a CVSS 3.1 base score o...

8.1CVSS6AI score0.00448EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago29 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

0.00448EPSS
Exploits0References4
Patchstack
Patchstack
added last week5 views

WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Author Box WP Lens versions = 2.1.5...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
NVD
NVD
added last week7 views

CVE-2026-57256

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS0.00118EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-57256

CVE-2026-57256 concerns Foxit Editor/Reader. When opening a PDF with JavaScript, the app performs abnormal operations on a list box form field, and repeats this after the form is reset. The issue stems from inadequate verification of the form objects and their internal dictionary pointers, allowi...

7.8CVSS6AI score0.00118EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder