58788 matches found
CVE-2026-1784
creationtimestamp| type| source ---|---|--- 2026-06-02 09:58:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mncdgtintd2j 2026-06-04 10:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnheii7v7r2n...
CVE-2026-2382
creationtimestamp| type| source ---|---|--- 2026-06-02 09:48:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnccuwk3q324...
CVE-2025-5085
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5085
creationtimestamp| type| source ---|---|--- 2026-06-02 09:07:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mncahxfd6b2w 2026-06-03 07:15:25+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mneksk7tcn2t...
EUVD-2026-33891
The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-210029
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5085
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-10566
creationtimestamp| type| source ---|---|--- 2026-06-02 05:36:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbupmoxoy2b...
CVE-2026-10529
creationtimestamp| type| source ---|---|--- 2026-06-02 05:24:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbu5ppuib2c...
CVE-2026-10548
creationtimestamp| type| source ---|---|--- 2026-06-02 05:06:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbt5gaofz22...
CVE-2026-3871
creationtimestamp| type| source ---|---|--- 2026-06-02 05:03:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbsxh4jly2j...
CVE-2026-10100
creationtimestamp| type| source ---|---|--- 2026-06-02 04:52:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbsehigoh22...
CVE-2026-3198
creationtimestamp| type| source ---|---|--- 2026-06-02 04:48:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbs4zpp6f2f...
CVE-2026-10581
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-10510
creationtimestamp| type| source ---|---|--- 2026-06-02 03:01:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116678277579231176...
EUVD-2026-33878
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-25258
creationtimestamp| type| source ---|---|--- 2026-06-02 00:41:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnbe7zcwhy2z...
EUVD-2026-33799
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2026-45698
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...