Lucene search
+L

1675 matches found

Nuclei
Nuclei
added 5 hours ago80 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.9AI score0.00972EPSS
Exploits2References3
Nuclei
Nuclei
added 5 hours ago13 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS8AI score0.00563EPSS
Exploits1References1
Nuclei
Nuclei
added 5 hours ago12 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS8AI score0.00562EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-8075

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45157

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS5.3AI score
Exploits0References1
NCSC
NCSC
added yesterday12 views

vulnerabilities present in Microsoft Office

Microsoft has uncovered vulnerabilities in various Office products, such as Word, Excel, PowerPoint, and SharePoint. A malicious individual can exploit these vulnerabilities to carry out attacks that can cause various types of damage, as listed in the table below. For successful exploitation, the...

9.8CVSS7AI score0.20346EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44527

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS6.4AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-48000

Adobe Commerce is affected by an Improper Redirect Open Redirect vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitati...

6.1CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-48000 Adobe Commerce | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Commerce is affected by an Improper Redirect Open Redirect vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitati...

4.3CVSS0.00353EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-48000

CVE-2026-48000 affects Adobe Commerce and is an open redirect vulnerability in the URL redirection logic. The underlying issue is an improper redirect that can bypass a security feature and potentially lead to credential theft or account takeover if a user clicks a malicious link. Exploitation re...

6.1CVSS6.1AI score0.00353EPSS
Exploits0References1Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-44745

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS0.00331EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 7:3 p.m.12 views

CVE-2026-0281

CVE-2026-0281 describes an information-disclosure vulnerability in Palo Alto Networks PAN-OS. An unauthenticated attacker with network access to the management web interface can obtain web session tokens, but exploitation requires a legitimate user to click a malicious link. Affected products inc...

7.1CVSS6AI score0.00278EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:3 p.m.9 views

CVE-2026-0281

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

5.9CVSS6AI score0.00278EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 8:45 p.m.5 views

GHSA-HX4V-CXPF-VH8M Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Impact A vulnerability has been identified in Fleet when the helmRepoURLRegex field isn't set on a GitRepo resource. Fleet's bundle reader forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a fleet.yaml file. An attacker with git push access to a...

5CVSS5.8AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 4:16 p.m.9 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.45 views

CVE-2026-48307 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS0.00314EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:11 p.m.8 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS6.4AI score0.00314EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.6 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/29 12:33 p.m.8 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/22 11:16 p.m.11 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL. Details Cross-site scripting or XSS is...

9.6CVSS5.9AI score0.00234EPSS
Exploits0References2
Rows per page
Query Builder