Lucene search
+L

11371 matches found

nuclei
nuclei
added 8 hours ago50 views

WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...

7.1CVSS7AI score0.00622EPSS
Exploits0References3
nuclei
nuclei
added 8 hours ago12 views

WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

5.4CVSS6.7AI score0.02134EPSS
Exploits0References5
nuclei
nuclei
added 8 hours ago14 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7AI score0.02177EPSS
Exploits1References3
nuclei
nuclei
added 8 hours ago46 views

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

6.1CVSS6.3AI score0.01317EPSS
Exploits4References2
nvd
nvd
added 13 hours ago6 views

CVE-2026-12941

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS
Exploits0References5
euvd
euvd
added 15 hours ago4 views

EUVD-2026-44860

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score
Exploits0References5
nvd
nvd
added yesterday5 views

CVE-2026-20297

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS
Exploits0References1
cvelist
cvelist
added yesterday31 views

CVE-2026-20297 Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44736

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS6.1AI score
Exploits0References1
attackerkb
attackerkb
added yesterday5 views

CVE-2026-20297

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS6.1AI score
Exploits0References2Affected Software2
ptsecurity
ptsecurity
added yesterday7 views

PT-2026-60234

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...

7.2CVSS6.1AI score
Exploits0References4
nvd
nvd
added 2 days ago6 views

CVE-2026-3014

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS0.0062EPSS
Exploits0References2
euvd
euvd
added 2 days ago5 views

EUVD-2026-43655

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score0.0062EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago32 views

CVE-2026-3014 Remote Code Execution by administrative user on the Management Server

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS0.0062EPSS
Exploits0References2
attackerkb
attackerkb
added 2 days ago6 views

CVE-2026-3014

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score0.0062EPSS
Exploits0References3
nvd
nvd
added 2 days ago6 views

CVE-2026-15675

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
euvd
euvd
added 2 days ago4 views

EUVD-2026-43623

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
cvelist
cvelist
added 2 days ago28 views

CVE-2026-15675 code-projects Online Job Portal EditUser.php sql injection

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
nvd
nvd
added 2 days ago6 views

CVE-2026-15621

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS0.0014EPSS
Exploits0References6
euvd
euvd
added 2 days ago6 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
Rows per page
Query Builder