Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
đŸ”„ Daily Hot!
đŸ’ȘđŸœ CPE Enhanced Advisories
đŸ•¶ Shadow Exploits
đŸ•”đŸŒ Vulners CPE
🔐 Security news
đŸ’» Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
đŸ€– AI High Score
📰 CVE Feed
show all

3 matches found

Patchstack
Patchstack‱added 2024/04/08 5:20 a.m.‱6 views

WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via SVG vulnerability discovered by Jobert Krohnen in WordPress Plugin Photo Gallery by 10Web versions = 1.8.21...

5.5CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One‱added 2020/01/21 2:36 p.m.‱251 views

h1-ctf: [h1-415 2020] @_bayotop h1-415-ctf writeup

TL;DR: Thanks for the challenge! 1. Abusing account recovery via QR codes to get access to [email protected]. 2. Blind XSS in /support/review/ including CSP bypass. 3. Missing input sanitization on name parameter when POSTing to /support/review/. 4. Access to remote debugging port on local...

6.2AI score
Exploits0
Hacker One
Hacker One‱added 2018/09/13 11:50 a.m.‱8 views

GitLab: Bypass of GitLab CI runner slash fix in YAML validation

Hi Gitlab Security, I notice the bug 301432 that Jobert reported earlier is could be bypassed by setting variable in environment. The reason is that the fix in place preventing url normalization is performed by doing the YAML validation, however this could be bypassed by setting the environment...

Exploits0
Rows per page
Query Builder