1043 matches found

Nuclei
added yesterday, 32 views

Store Locator WordPress < 1.4.13 - Cross-Site Scripting

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-4151 info: name: Store Locator...

CVSS 6.1 | AI score 6.4 | EPSS 0.00645
Exploits: 1 | References: 2

Nuclei
added 3 days ago, 66 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locator application by confirming external DNS interaction/lookups by...

CVSS 9.8 | AI score 7.4 | EPSS 0.61043
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/06/26 11:18 p.m., 22 views

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

Summary Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123. Merged upstream commit bf1b731ee6 fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic...

CVSS 8.8 | AI score 5.8 | EPSS 0.00118
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2026/06/25 6:16 p.m., 7 views

CVE-2026-55487

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

CVSS 8.8 | EPSS 0.00118
Exploits: 1 | References: 1

CVE
added 2026/06/25 4:41 p.m., 14 views

CVE-2026-55487

CVE-2026-55487 affects pnpm. Prior to versions 10.34.2 and 11.5.3, the generic peer-suffix normalizer could strip parenthesized text from git, URL, tarball, file, and other opaque locators, allowing approval for one source string to authorize an attacker-controlled source whose locator normalizes...

CVSS 8.8 | AI score 5.9 | EPSS 0.00118
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/25 4:41 p.m., 26 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

CVSS 7.5 | EPSS 0.00118
Exploits: 1 | References: 1

Patchstack
added 2026/06/23 2:2 p.m., 4 views

WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions <= 1.2.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in Zabbix

The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...

CVSS 5.7 | AI score 5.6 | EPSS 0.00467
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Thunderbird, Firefox

The Content-Security-Policy-Report-Only header could allow an attacker to leak the unredacted URI of a child iframe when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 6.5 | AI score 7 | EPSS 0.00672
Exploits: 0 | References: 2

Microsoft CVE
added 2026/06/18 2:0 p.m., 9 views

Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

URL redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00408
Exploits: 0

Cvelist
added 2026/06/17 4:28 p.m., 19 views

CVE-2026-20178

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

CVSS 4.3 | EPSS 0.00202
Exploits: 0 | References: 1

EUVD
added 2026/06/15 12:31 a.m., 12 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

CVSS 5.3 | AI score 5.4 | EPSS 0.00105
Exploits: 0 | References: 6

NVD
added 2026/06/13 7:16 a.m., 18 views

CVE-2026-9062

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

CVSS 3.4 | EPSS 0.00248
Exploits: 0 | References: 1

NVD
added 2026/06/13 7:16 a.m., 14 views

CVE-2026-9061

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

CVSS 3.5 | EPSS 0.00145
Exploits: 0 | References: 1

Cvelist
added 2026/06/13 6:0 a.m., 29 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

EPSS 0.00145
Exploits: 0 | References: 1

CVE
added 2026/06/13 6:0 a.m., 19 views

CVE-2026-9061

CVE-2026-9061 affects the Store Locator WordPress plugin prior to 1.6.9. The description in the provided documents states that store logo metadata is not sanitized/escaped before storage and output on the admin page, allowing high-privilege users (e.g., administrators) to perform a Stored XSS att...

CVSS 3.5 | AI score 5.3 | EPSS 0.00145
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/13 6:0 a.m., 7 views

CVE-2026-9062 Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 1

EUVD
added 2026/06/13 6:0 a.m., 9 views

EUVD-2026-36644

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

AI score 5.5 | EPSS 0.00248
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/13 6:0 a.m., 7 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

AI score 5.2 | EPSS 0.00145
Exploits: 0 | References: 1

EUVD
added 2026/06/13 6:0 a.m., 10 views

EUVD-2026-36643

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

AI score 5.3 | EPSS 0.00145
Exploits: 0 | References: 1