
10421 matches found

Nuclei | added yesterday | 15 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

CVSS 5.3 | AI score 6.2 | EPSS 0.02076
Exploits: 2 | References: 2
Nuclei | added yesterday | 18 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

CVSS 5.3 | AI score 6.1 | EPSS 0.01226
Exploits: 1 | References: 1
EUVD | added yesterday | 4 views

EUVD-2026-41448

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...

CVSS 6.1 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 2
EUVD | added yesterday | 5 views

EUVD-2026-41449

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

CVSS 6.1 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 2
EUVD | added yesterday | 5 views

EUVD-2026-41450

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

CVSS 6.1 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 2
NVD | added yesterday | 5 views

CVE-2026-13374

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

CVSS 4.8
Exploits: 0 | References: 1
CVE | added 2 days ago | 9 views

CVE-2026-13375

WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 1
ATTACKERKB | added 2 days ago | 5 views

CVE-2026-13375

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 2 | Affected Software: 1
CVE | added 2 days ago | 7 views

CVE-2026-13374

CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 1
Cvelist | added 2 days ago | 13 views

CVE-2026-13374 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

CVSS 4.8
Exploits: 0 | References: 1
CVE | added 2 days ago | 7 views

CVE-2026-13373

WatchGuard Fireware OS Tigerpaw Technology Integration module is affected by CVE-2026-13373, exposing a Stored Cross-Site Scripting (XSS) vulnerability. The issue arises from improper neutralization of input during web page generation, enabling stored XSS in affected Fireware versions: 12.4–12.12...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 1
Nuclei | added 2 days ago | 18 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests; exploitation requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

CVSS 9.8 | AI score 7.7 | EPSS 0.53372
Exploits: 1 | References: 2
ATTACKERKB | added 2 days ago | 3 views

CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

CVSS 4.3 | AI score 5.7 | EPSS 0.00223
Exploits: 0 | References: 9
CVE | added 3 days ago | 8 views

CVE-2026-58592

Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...

CVSS 8.9 | AI score 6.4 | EPSS 0.00311
Exploits: 0 | References: 3
NVD | added 3 days ago | 5 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10 | EPSS 0.00253
Exploits: 0 | References: 1
ATTACKERKB | added 3 days ago | 4 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 2
EUVD | added 3 days ago | 6 views

EUVD-2026-40958

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 1
CVE | added 3 days ago | 11 views

CVE-2026-13228

The vulnerability CVE-2026-13228 affects the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). An Insecure Direct Object Reference (IDOR) in OsOrdersController.create_or_update enables an authenticated Agent (low privileges) to specify an arbitrary order[customer_id] an...

CVSS 8.8 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 7
Cvelist | added 3 days ago | 33 views

CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

CVSS 9.8 | EPSS 0.0038
Exploits: 1 | References: 8
Cvelist | added 3 days ago | 37 views

CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

EPSS 0.00236
Exploits: 0 | References: 1