Lucene search
+L

1914 matches found

Nuclei
Nuclei
added 6 hours ago46 views

Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

6.1CVSS6.7AI score0.16372EPSS
Exploits3References2
NVD
NVD
added 5 days ago4 views

CVE-2026-57413

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57413 WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS0.00168EPSS
Exploits0References1
CVE
CVE
added 5 days ago6 views

CVE-2026-57413

CVE-2026-57413 describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Instant Image Generator” (ai-image). The connected documents indicate the issue affects Instant Image Generator versions from n/a up to 2.1.4. The available details specify the vulnerability type ...

6.4CVSS6.1AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/11 5:35 a.m.8 views

EUVD-2026-43149

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
NVD
NVD
added 2026/07/10 5:16 a.m.10 views

CVE-2026-15282

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS0.00744EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/10 4:31 a.m.38 views

CVE-2026-15282 Instant Appointment <= 1.2 - Unauthenticated Arbitrary File Upload

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS0.00744EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.7 views

CVE-2026-15282

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References5
CVE
CVE
added 2026/07/10 4:31 a.m.17 views

CVE-2026-15282

The Instant Appointment plugin for WordPress (affected versions up to 1.2) is vulnerable to arbitrary file uploads due to missing file type validation in the insapp_upload_image_as_attachment function. This allows unauthenticated attackers to upload arbitrary files to the server, with a potential...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/07/08 12:54 p.m.5 views

WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by ParkHyunWoo in WordPress Plugin Instant Image Generator versions = 2.1.4...

6.4CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/07 8:16 p.m.7 views

CVE-2026-44877

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 7:3 p.m.32 views

CVE-2026-44877 Unauthenticated Remote Disclosure of Cryptographic Secrets

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 7:3 p.m.5 views

EUVD-2026-42075

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 7:3 p.m.14 views

CVE-2026-44877

CVE-2026-44877 affects HPE Networking Instant On 1830, 1930, and 1960 switches. It is described as an unauthenticated remote disclosure vulnerability that could allow a remote attacker to access sensitive cryptographic secrets on a vulnerable system. CVSS‑3.1 metrics indicate Network access, Low ...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2026/07/07 12:0 a.m.6 views

HPESBNW05038 rev.1 - HPE Networking Instant On Switch Remote Unauthenticated Disclosure of Cryptographic Secrets

Potential Security Impact: Local: Access Restriction Bypass SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba Instant On 1930 Switch Series - Please refer to the Vulnerability Summary for Affected Version Information Affected Products HPE Networking Instant On 1830, 1930, and...

6.5CVSS6.1AI score0.00277EPSS
Exploits0
NVD
NVD
added 2026/07/06 9:16 p.m.9 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:53 p.m.37 views

CVE-2026-42341 FOSSBilling has an unauthenticated payment bypass via IPN callback forgery

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 2:23 p.m.5 views

WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More versions = 2.2.0...

6.5CVSS5.9AI score0.00255EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:4 a.m.6 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References2
Rows per page
Query Builder