Lucene search
K

4454 matches found

Nuclei
Nuclei
added 5 hours ago53 views

TileServer API - Cross Site Scripting

tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...

6.1CVSS5.9AI score0.00957EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago5 views

WordPress SupportCandy plugin <= 3.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abduljalal Saminu in WordPress Plugin SupportCandy versions = 3.4.8...

6.5CVSS6.1AI score0.00224EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 days ago5 views

WordPress Dokan plugin <= 5.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Dokan versions = 5.0.6...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin <= 1.26.12 - Authenticated (Admin+) Local File Inclusion vulnerability

Authenticated Admin+ Local File Inclusion vulnerability discovered by Rahul Sreenivasan Tr0j4n in WordPress Plugin Happyforms versions = 1.26.12...

6.6CVSS6.1AI score0.00516EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.13.0...

9.8CVSS6.1AI score0.00564EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.11...

6.5CVSS6.1AI score0.00266EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by she11f in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.13...

6.5CVSS6.1AI score0.0034EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Cart Lift versions = 3.1.57...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Gift Vouchers plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by xwii in WordPress Plugin Gift Vouchers versions = 4.7.0...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...

7.1CVSS6.1AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Booking and Rental Manager versions = 2.6.9...

6.5CVSS6.1AI score0.00332EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin GD Security Headers versions = 1.8...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1309 Docassemble unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...

7.5CVSS7AI score0.69486EPSS
Exploits2References6
Patchstack
Patchstack
added 2026/07/07 8:52 a.m.5 views

WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...

8.8CVSS5.9AI score0.00518EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 2:23 p.m.5 views

WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More versions = 2.2.0...

6.5CVSS5.9AI score0.00351EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:19 p.m.7 views

WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...

7.5CVSS5.9AI score0.00394EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:38 p.m.5 views

WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Leedo versions = 3.0.0...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:31 p.m.5 views

WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aalto versions = 1.8...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:28 p.m.6 views

WordPress Speaker plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Plugin Speaker versions = 4.1.13...

6.5CVSS5.9AI score0.00218EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 9:29 a.m.9 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...

8.8CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Rows per page
Query Builder