179 matches found

Source: Nuclei (added 10 hours ago)

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin <= 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

CVSS 6.1 | AI score 7.1 | EPSS 0.00567
Exploits: 1 | References: 2
Source: CVE (added 4 days ago)

CVE-2026-34098

CVE-2026-34098: Guardian Language-System contains an XSS in media.php via unsanitized id parameter (GET). The id value is inserted into HTML source and form actions (lines 119, 129), enabling script injection in a victim's browser session. Affected: Guardian Language-System; vulnerability manifes...

CVSS 4.8 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 2
Source: AlpineLinux (added 2026/06/23 5:56 p.m.)

CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

CVSS 8.1 | AI score 6.5 | EPSS 0.00399
Exploits: 1
Source: EUVD (added 2026/06/09 12:21 a.m.)

EUVD-2026-35288

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user's browser within the context of the application. This issue has a low impact on the...

CVSS 4.7 | AI score 5.6 | EPSS 0.00154
Exploits: 0 | References: 2
Source: RedHat Linux (added 2026/05/20 11:27 a.m.)

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7.1 | AI score 7 | EPSS 0.00308
Exploits: 0 | References: 7
Source: Github Security Blog (added 2026/05/14 8:27 p.m.)

Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

Summary: In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details: In the current project, URL validation is performed using the function `validate_url`. The current checking logic uses urlparse to parse the hostname part ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00292
Exploits: 1 | References: 4 | Affected Software: 1
Source: EUVD (added 2026/05/11 6:31 p.m.)

EUVD-2025-209777

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted URL...

AI score 5.9 | EPSS 0.00641
Exploits: 0 | References: 4
Source: CNNVD (added 2026/05/11 12:00 a.m.)

WWBN AVideo Cross-Site Scripting Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of user input in the plugin/Meet/iframe.php file, which could allo...

CVSS 6.1 | AI score 5.9 | EPSS 0.00225
Exploits: 0 | References: 1
Source: Vulnrichment (added 2026/05/11 12:00 a.m.)

CVE-2025-65418

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted URL...

AI score 5.9 | EPSS 0.00641
Exploits: 0 | References: 3
Source: CVE (added 2026/05/08 10:38 p.m.)

CVE-2026-42307

CVE-2026-42307 affects Vim where the netrw plugin is vulnerable to an OS command injection prior to 9.2.0383. By tricking a user to open a crafted URL (e.g., sftp://, file://), an attacker can execute arbitrary shell commands with the Vim process privileges. The issue is mitigated by upgrading to...

CVSS 4.4 | AI score 6 | EPSS 0.00774
Exploits: 0 | References: 3 | Affected Software: 1
Source: Cvelist (added 2026/05/08 10:38 p.m.)

CVE-2026-42307 Vim: OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL, e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

CVSS 4.4 | EPSS 0.00774
Exploits: 0 | References: 3
Source: Snyk (added 2026/04/21 6:31 p.m.)

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...

CVSS 3.1 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 2
Source: RedhatCVE (added 2026/04/10 10:20 a.m.)

CVE-2026-4660

A flaw was found in the go-getter library. A remote attacker could exploit this vulnerability by providing a maliciously crafted URL during certain git operations. This could allow the attacker to perform arbitrary file reads on the file system, potentially leading to the disclosure of sensitive...

CVSS 7.5 | AI score 5.9 | EPSS 0.00583
Exploits: 1 | References: 4
Source: ATTACKERKB (added 2026/04/09 1:47 p.m.)

CVE-2026-4660

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

CVSS 7.5 | AI score 6 | EPSS 0.00583
Exploits: 1 | References: 2
Source: ATTACKERKB (added 2026/04/08 4:26 p.m.)

CVE-2026-2377

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...

CVSS 6.5 | AI score 6 | EPSS 0.00405
Exploits: 0 | References: 9
Source: EUVD (added 2026/04/06 6:33 p.m.)

EUVD-2025-209233

An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL...

CVSS 6.1 | AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 3
Source: Vulnrichment (added 2026/03/30 12:00 a.m.)

CVE-2026-30562

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addstock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...

AI score 6 | EPSS 0.00321
Exploits: 1 | References: 1
Source: Snyk (added 2026/03/12 2:23 p.m.)

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the forwardProxy function. An attacker can access internal network resources, retrieve sensitive data, and potentially obtain cloud metadata or credentials by supplying a crafted URL to the endpoint...

CVSS 8.7 | AI score 7.2 | EPSS 0.00278
Exploits: 1 | References: 2
Source: OSV (added 2026/03/11 6:17 a.m.)

DEBIAN-CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

CVSS 5.1 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 1
Source: CVE (added 2026/03/03 9:24 p.m.)

CVE-2026-3204

CVE-2026-3204 describes an improper input validation in the error message page of Devolutions Server, enabling remote attackers to spoof the displayed error message via a specially crafted URL. Public references consistently cite Devolutions Server 2025.3.16 and earlier as affected; connected sou...

CVSS 9.8 | AI score 6 | EPSS 0.00533
Exploits: 0 | References: 1 | Affected Software: 1