Lucene search
K

54061 matches found

RedhatCVE
RedhatCVE
added 11 hours ago7 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

6.5CVSS5.9AI score
Exploits0References6
CVE
CVE
added 14 hours ago8 views

CVE-2026-11900

The CVE-2026-11900 entry concerns the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads up to version 2.8.16. It is vulnerable to an Insecure Direct Object Reference via the shortcodes’ data attribute. The replace_ai_tags() function processes a {reusable-block-N} pattern by calling get_post...

4.3CVSS6AI score
Exploits0References10
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-41520

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score
Exploits0References10
CVE
CVE
added 18 hours ago9 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

6.4CVSS5.9AI score
Exploits0References6
Nuclei
Nuclei
added 19 hours ago17 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the Page content. id: CVE-2022-42095 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS5.8AI score0.01947EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago21 views

u5cms v8.3.5 - Open Redirect

u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. id: CVE-2022-32444 info: name: u5cms v8.3.5 - Open Redirect author: 0xAkoko severity: medium description: | u5cms version 8.3.5 contains a URL...

6.1CVSS6.2AI score0.02246EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago41 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago15 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.3AI score0.06199EPSS
Exploits2References2
Nuclei
Nuclei
added 19 hours ago18 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS7.1AI score0.23717EPSS
Exploits2References2
Nuclei
Nuclei
added 19 hours ago10 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

6.1CVSS7AI score0.01843EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago15 views

LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS6.2AI score0.00914EPSS
Exploits0References1
Nuclei
Nuclei
added 19 hours ago8 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added 19 hours ago12 views

Premium Addons for Elementor - Unauthenticated Information Disclosure

Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...

5.3CVSS5.9AI score0.00715EPSS
Exploits0References4
Nuclei
Nuclei
added 19 hours ago13 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.5AI score0.01765EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago9 views

Simple Certain Time to Show Content - Cross-Site Scripting

Simple Certain Time to Show Content WordPress plugin 1.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users such as admin, explo...

7.1CVSS7.2AI score0.00605EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago69 views

PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection blind via the sbcategory parameter. id: CVE-2021-36748 info: name: PrestaHome Blog for PrestaShop 1.7.8 - SQL Injection author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to versio...

7.5CVSS7.1AI score0.15415EPSS
Exploits2References5
Nuclei
Nuclei
added 19 hours ago16 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

5.3CVSS6.1AI score0.01226EPSS
Exploits1References1
Nuclei
Nuclei
added 19 hours ago53 views

Oracle Content Server - Cross-Site Scripting

Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. id: CVE-2017-100...

8.2CVSS6.6AI score0.17558EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago36 views

Cellinx NVT Web Server - Local File Disclosure

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...

7.5CVSS7AI score0.02431EPSS
Exploits1References2
Rows per page
Query Builder