Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

80527 matches found

AlmaLinux
AlmaLinuxadded 2026/05/11 12:0 a.m.8 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

9.8CVSS5.8AI score0.0007EPSS
Exploits1References52
GithubExploit
GithubExploitadded 2026/05/10 7:31 p.m.134 views

Exploit for Code Injection in Apache Nifi

CVE-2023-34468 Exploit !GitHub starshttps://img.shields.io...

8.8CVSS8.4AI score0.78065EPSS
Exploits8
GithubExploit
GithubExploitadded 2026/05/10 3:43 p.m.109 views

Exploit for Code Injection in Apache Nifi

CVE-2023-34468 — Apache NiFi 1.21.0 RCE PoC Remote Code Execu...

8.8CVSS6.1AI score0.78065EPSS
Exploits8
EUVD
EUVDadded 2026/05/10 3:31 p.m.3 views

EUVD-2021-34808

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00029EPSS
Exploits0References4
Snyk
Snykadded 2026/05/10 2:20 p.m.4 views

User Impersonation

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to User Impersonation via the OCSESSID cookie. An attacker can gain unauthorized access to user accounts by injecting arbitrary values into the session cookie, allowing session takeover...

9.8CVSS5.9AI score0.00068EPSS
Exploits0References2
NVD
NVDadded 2026/05/10 1:16 p.m.7 views

CVE-2021-47951

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4CVSS0.00032EPSS
Exploits0References3
NVD
NVDadded 2026/05/10 1:16 p.m.8 views

CVE-2021-47931

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS0.0007EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/10 12:44 p.m.26 views

CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS0.00029EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/10 12:44 p.m.5 views

CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00029EPSS
Exploits0References3
CVE
CVEadded 2026/05/10 12:44 p.m.5 views

CVE-2021-47948

The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...

5.4CVSS6AI score0.00029EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/10 12:43 p.m.3 views

CVE-2021-47941 WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

8.8CVSS6.1AI score0.00086EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/10 12:43 p.m.2 views

CVE-2021-47941

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

8.8CVSS6.1AI score0.00086EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/10 12:43 p.m.7 views

CVE-2021-47931

Exponent CMS 2.6 is affected by a stored cross-site scripting (XSS) vulnerability in the text editing endpoint, exploitable via Title and Text Block parameters. Attackers with authentication can inject scripts (e.g., iframe payloads with embedded SVG onload events) to run arbitrary JavaScript. Th...

6.4CVSS5.9AI score0.0007EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/10 12:43 p.m.8 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.0007EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/10 12:43 p.m.27 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

8.8CVSS0.0006EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/10 12:43 p.m.27 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS0.0007EPSS
Exploits0References3
CVE
CVEadded 2026/05/10 12:43 p.m.7 views

CVE-2021-47928

Opencart TMD Vendor System 3.x is affected by a blind SQL injection via the product_id parameter, allowing unauthenticated attackers to enumerate data from oc_user (usernames, emails, password reset codes). The vulnerability is described as a time-based/content-based blind injection with high con...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/10 6:16 a.m.6 views

CVE-2026-8231

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

6.5CVSS0.00031EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/10 5:0 a.m.29 views

CVE-2026-8231 CodeAstro Online Catering Ordering System deleteorder.php sql injection

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

6.5CVSS0.00031EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/10 12:0 a.m.5 views

PT-2026-39459

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

6.5CVSS6.4AI score0.00031EPSS
Exploits0References6
Rows per page
Query Builder