Lucene search
K

18857 matches found

EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-43297

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added 8 hours ago10 views

CVE-2026-4769

The affected product family is WAGO System I/O Field series devices. The CVE describes an undocumented internal diagnostic capability that activates during the initial startup sequence and remains accessible without authentication for a brief window in the early boot phase. During this window, an...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-12081

The CVE-2026-12081 entry concerns the WordPress plugin family “Database for Contact Form 7, WPforms, Elementor forms,” affected in versions before 1.5.2. The issue arises from not restricting PHP classes during unserialization of attacker-supplied form-field values, which enables unauthenticated ...

6.2AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago73 views

WebTareas 2.4p5 - Cross-Site Scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...

5.4CVSS6.3AI score0.01037EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago93 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...

5.4CVSS6.3AI score0.00903EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago25 views

Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

8.3CVSS6.8AI score0.09436EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago39 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS7.4AI score0.02207EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago9 views

Custom Field Manager WordPress - Cross-Site Scripting

Custom Field Manager WordPress plugin through 1.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12873 info: name: Custom Field Manager...

6.1CVSS7.1AI score0.0053EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago126 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

7.1CVSS6.8AI score0.38768EPSS
Exploits3References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43147

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43132

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43066

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0...

6.1AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43051

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57391

Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Insufficient input sanitization and output escaping in the Map Module allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This is...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago11 views

PT-2026-57392

Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References9
CVE
CVE
added 3 days ago24 views

CVE-2026-13242

Summary: CVE-2026-13242 is an SQL Injection vulnerability in the Drupal Geolocation Field module. The flaw arises from improper neutralization of user-supplied values in a view filter, enabling injection when exposed to input. Affected versions are 0.0.0 through 3.15.0 of Geolocation Field. Conne...

6.1AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 3 days ago16 views

CVE-2026-55809

The CVE-2026-55809 entry concerns Drupal’s Flag attendance field module. The root cause is an object injection vulnerability caused by handling PHP-serialized data stored in the flag_attendance_field, which can lead to PHP object injection when data are unserialized. Affected versions are Flag at...

6.1AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-12535

The CVE-2026-12535 entry concerns Drupal’s Formatter Field module, affected versions 0.0.0–2.0.0. The vulnerability arises from PHP-serialized data stored in the formatter_field field, which can be written maliciously and later unserialized, enabling Object Injection. Exploitation requires the at...

6.1AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder