Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

500 matches found

Nuclei
Nucleiadded 3 days ago61 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

9.8CVSS7.7AI score0.94618EPSS
Exploits7References5
NVD
NVDadded 2026/06/15 9:16 p.m.5 views

CVE-2026-42649

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/15 8:18 p.m.25 views

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/15 8:18 p.m.4 views

EUVD-2026-36817

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/15 8:18 p.m.5 views

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
CVE
CVEadded 2026/06/15 8:18 p.m.9 views

CVE-2026-42649

CVE-2026-42649 concerns the WordPress plugin Favicon Rotator (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/15 12:0 a.m.7 views

PT-2026-49443

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/11 2:51 a.m.9 views

Malicious code in @my_name_is_khn/express-security-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7e17fc1e874d13547ace24c7b21593ce1eb13337d0d877a89c7a372974ee42 On npm install, the package's postinstall hook scripts/inject.js locates the installer's host project root, identifies the main entry file index.js,...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:50 p.m.9 views

CVE-2026-7150

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:35 p.m.10 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.6AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:15 p.m.7 views

CVE-2026-42754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS5.4AI score0.00203EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/05/30 5:40 a.m.8 views

WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Favicon versions = 1.3.46...

7.1CVSS5.8AI score0.00203EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2026/05/28 3:27 a.m.11 views

EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:27 a.m.9 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References11
CVE
CVEadded 2026/05/28 3:27 a.m.23 views

CVE-2026-5737

CVE-2026-5737 concerns the Independent Analytics plugin for WordPress, vulnerable through an unauthenticated SSRF in versions up to 2.14.9. A public tracking route at /wp-json/iawp/search accepts attacker-controlled referrer_url values when signatures match, compounded by a scheduled favicon fetc...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.14 views

PT-2026-44178

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer url values when the signature matches, combined with a...

6.5CVSS6AI score0.00366EPSS
Exploits0References11
NVD
NVDadded 2026/05/27 11:16 a.m.15 views

CVE-2026-42754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS0.00203EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 9:49 a.m.8 views

EUVD-2026-32202

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 9:49 a.m.11 views

CVE-2026-42754 WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 9:49 a.m.7 views

CVE-2026-42754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder