Lucene search
K

3844 matches found

Nuclei
Nuclei
added yesterday107 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the dataredirecturl parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-43325 info: name: MooSocial 3.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.01857EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday16 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday20 views

WP Dream Carousel < 1.0.1b - Cross-Site Scripting

WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.2AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday99 views

Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

6.1CVSS6.3AI score0.2406EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday40 views

Widget4Call WordPress - Cross-Site Scripting

Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...

5.4CVSS7.2AI score0.00674EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday13 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00532EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday57 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7AI score0.0061EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday24 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

6.4CVSS6.2AI score0.06283EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday39 views

RosarioSIS 6.7.2 - Cross-Site Scripting

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...

6.1CVSS6.5AI score0.06325EPSS
Exploits2
NVD
NVD
added 4 days ago6 views

CVE-2026-57054

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-44454 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS0.02642EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 3:44 a.m.8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.9AI score0.00308EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:4 p.m.6 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:2 p.m.7 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:17 p.m.7 views

CVE-2026-53927

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...

5.1CVSS0.00282EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 7:29 p.m.4 views

GO-2026-5058 HashiCorp's go-getter library may allow arbitrary file reads in github.com/hashicorp/go-getter

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.9AI score0.00583EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 6:17 p.m.12 views

CVE-2026-20178

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:28 p.m.12 views

EUVD-2026-37759

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50500

Name of the Vulnerable Software and Affected Versions Cisco Webex App affected versions not specified Description An issue in the browser-based version of the application allows an unauthenticated remote attacker to redirect users to a malicious webpage. This occurs due to improper input validati...

5CVSS5.9AI score0.00202EPSS
Exploits0References8
Rows per page
Query Builder