Lucene search
K

58525 matches found

Nuclei
Nuclei
added 9 hours ago31 views

WordPress Simple Link Directory <7.7.2 - SQL injection

WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action, available to unauthenticated and authenticated users. An attacker can...

9.8CVSS7.4AI score0.76425EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago11 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.03588EPSS
Exploits6References4
Nuclei
Nuclei
added 9 hours ago16 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS6AI score0.07767EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago6 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS5.9AI score0.02479EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago34 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.9AI score0.02549EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago9 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6AI score0.08991EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago9 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.2AI score0.02463EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago9 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7.2AI score0.01706EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago7 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.2AI score0.02302EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 10 hours ago3 views

SUSE CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 10 hours ago4 views

SUSE CVE-2026-46271

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

5.8AI score
Exploits0References2
EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-34189

An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 12 hours ago4 views

CVE-2026-45282

A flaw was found in Nextcloud Server. An authenticated attacker, by knowing a share token and a document ID, could access attachments of link shares. This circumvents password protection or download restrictions, leading to the disclosure of sensitive information from attachments. Mitigation...

6.5CVSS5.6AI score0.00027EPSS
Exploits0References2
Circl
Circl
added 12 hours ago5 views

CVE-2026-35078

creationtimestamp| type| source ---|---|--- 2026-06-04 00:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mngcyeoy6b2f...

8.1CVSS5.8AI score
Exploits0References1
Circl
Circl
added yesterday3 views

GHSA-HG6J-4RV6-33PG

creationtimestamp| type| source ---|---|--- 2026-06-03 23:40:58+00:00| seen| https://gist.github.com/alon710/9df1d7e2f4cb5ed041eded527313ebbc...

5.8AI score
Exploits0References1
Circl
Circl
added yesterday4 views

GHSA-F9RX-7WF7-JR36

creationtimestamp| type| source ---|---|--- 2026-06-03 22:11:20+00:00| seen| https://gist.github.com/alon710/067712fc0b9798c132c204b55ab42a44...

5.8AI score
Exploits0References1
Circl
Circl
added yesterday2 views

GHSA-8X6R-G9MW-2R78

creationtimestamp| type| source ---|---|--- 2026-06-03 21:41:07+00:00| seen| https://gist.github.com/alon710/7cf799e784cb7e5d54b5d97af1f62323...

5.8AI score
Exploits0References1
Circl
Circl
added yesterday3 views

CVE-2026-42061

creationtimestamp| type| source ---|---|--- 2026-06-03 21:13:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnfzmjdcsq23...

7.3CVSS7.1AI score
Exploits0References1
Circl
Circl
added yesterday3 views

GHSA-2J2X-HQR9-3H42

creationtimestamp| type| source ---|---|--- 2026-06-03 21:10:57+00:00| seen| https://gist.github.com/alon710/c225f7d330b57c3901ac40c39f91bf81...

5.8AI score
Exploits0References1
Circl
Circl
added yesterday3 views

CVE-2026-50033

creationtimestamp| type| source ---|---|--- 2026-06-03 21:05:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnfz6353js2c...

7.3CVSS7.1AI score
Exploits0References1
Rows per page
Query Builder