Lucene search
K

2991 matches found

Nuclei
Nuclei
added yesterday107 views

WordPress IWS Geo Form Fields <=1.0 - SQL Injection

WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data,...

9.8CVSS7.1AI score0.04955EPSS
Exploits1References5
NVD
NVD
added 2 days ago4 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-48263

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-47999

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS0.11523EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-47999 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS0.11523EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-47999

CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...

4.8CVSS6.1AI score0.11523EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-47995 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

8.1CVSS0.00655EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-48371 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored XSS vulnerability (CVE-2026-48355) that allows a low-privileged attacker to inject JavaScript into vulnerable form fields, with victim browsers executing the script when visiting the affected page. The CVSS v3.1 base score is 5.4 (Medium) with netw...

5.4CVSS6.1AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-15010

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-15010 bbp style pack <= 6.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Topic Form Additional Fields

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43165

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 5 days ago16 views

CVE-2026-15010

The CVE-2026-15010 entry concerns the bbp Style Pack plugin for WordPress, vulnerable to Stored Cross-Site Scripting (XSS) in versions up to and including 6.4.5 via the Topic Form Additional Fields feature. Root causes are insufficient input sanitization in bsp_topic_fields_form_save(), which wri...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request bo...

8.6CVSS6AI score0.00476EPSS
Exploits1References4
NVD
NVD
added 6 days ago9 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.00476EPSS
Exploits1References3
OSV
OSV
added 6 days ago3 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.00476EPSS
Exploits1References5
CVE
CVE
added 6 days ago18 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.00476EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
Rows per page
Query Builder