Lucene search
K

8766 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.6CVSS7.6AI score0.00367EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.4 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.5CVSS7.6AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2026/01/08 10:15 a.m.13 views

CVE-2025-67932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through 2.0.19...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.4 views

CVE-2025-12551

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6...

7.1CVSS0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.2 views

CVE-2025-68874 WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through = 1.5.0...

6AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.2 views

CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...

7.1CVSS6AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

Smb4K 参数注入漏洞

Smb4K is a KDE open source online neighborhood browser. Smb4K suffers from a parameter injection vulnerability that stems from improper parameter delimiter neutralization, which could lead to a local user performing an arbitrary uninstall operation...

6.9CVSS6.7AI score0.00144EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

WordPress plugin WP Virtual Assistant 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6.1AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

WordPress plugin WP App Bar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.9 views

PT-2026-2195

Name of the Vulnerable Software and Affected Versions pencilwp X Addons for Elementor versions through 1.0.23 Description An issue exists in pencilwp X Addons for Elementor that allows for DOM-Based Cross-site Scripting XSS. This is due to improper neutralization of input during web page...

6.5CVSS6.6AI score0.00175EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.5 views

Foomuuri 参数注入漏洞

Foomuuri is an open source firewall configuration generation and management tool from Foobar Oy. A parameter injection vulnerability exists in versions of Foomuuri prior to 0.31, which stems from improper JSON configuration neutralization and could lead to compromised firewall configuration...

7CVSS6.8AI score0.00171EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

WordPress plugin Famous 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1926

Name of the Vulnerable Software and Affected Versions WP-BusinessDirectory versions through 3.1.5 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Reflected Cross-site Scripting XSS condition. This allows for the injection of...

7.1CVSS6.1AI score0.00194EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/07 12:37 p.m.2 views

CVE-2025-46494 WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...

7.1CVSS6AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.22 views

CVE-2019-16151

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's...

6.1CVSS7.6AI score0.00356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.13 views

CVE-2019-16149

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...

6.1CVSS7.7AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.13 views

CVE-2024-2645

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...

5.3CVSS5.4AI score0.00731EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.35 views

CVE-2025-1137

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization...

8.8CVSS7.3AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

Devolutions PowerShell Universal 安全漏洞

Devolutions PowerShell Universal is a comprehensive PowerShell platform from Devolutions Canada. A security vulnerability exists in Devolutions PowerShell Universal versions prior to 4.5.6 and prior to 5.6.13 that stems from improper input neutralization and could lead to a cross-site scripting...

6.1CVSS6AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...

7.1CVSS6.4AI score0.00146EPSS
Exploits0References2
Rows per page
Query Builder