
8 matches found

EUVD
added 5 days ago, 8 views

EUVD-2026-34054

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

CVSS 4.4, AI score 6, EPSS 0.00033
Exploits: 0, References: 8

ATTACKERKB
added 2026/05/27 6:46 a.m., 7 views

CVE-2026-3896

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

CVSS 6.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 5

Positive Technologies
added 2026/05/27 12:00 a.m., 5 views

PT-2026-43548

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsow admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...

CVSS 6.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 6

Positive Technologies
added 2026/05/26 12:00 a.m., 8 views

PT-2026-43450

TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...

CVSS 8.5, AI score 5.7
Exploits: 0, References: 5

NVD
added 2026/04/06 5:17 p.m., 2 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

CVSS 9, EPSS 0.0002
Exploits: 1, References: 1

RedhatCVE
added 2026/03/08 7:56 a.m., 4 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.4, AI score 5.7, EPSS 0.00039
Exploits: 0, References: 1

AlpineLinux
added 2024/08/27 8:33 p.m., 3 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS 7.5, AI score 6.9, EPSS 0.0036
Exploits: 0, References: 4

Code423n4
added 2023/03/20 12:00 a.m., 9 views

A user can override a namespace created by another user, using the same name

Lines of code. Vulnerability details. Impact: Let's say Julian and Juliet minted separate trays of characters in the Tray contract. Julian approves Alice to mint a Namespace subprotocol NFT with the name Ali😀. Juliet also approves Alice to mint a Namespace subprotocol NFT with the name Ali😀. If a...

AI score 6.8
Exploits: 0