Lucene search
K

257 matches found

Nuclei
Nuclei
added yesterday88 views

PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting

A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier...

6.1CVSS4.3AI score0.05109EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1886

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:18 p.m.9 views

WordPress Go Night Pro | WordPress Dark Mode Plugin plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Go Night Pro versions = 1.1.0...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.6 views

EUVD-2026-13987

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:16 a.m.5 views

CVE-2026-1886

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS0.00243EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-1886 Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.32 views

CVE-2026-1886 Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS0.00243EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-1886

CVE-2026-1886 affects the Go Night Pro WordPress Dark Mode Plugin. The vulnerability is a Stored Cross-Site Scripting flaw in the go-night-pro-shortcode, due to insufficient input sanitization and output escaping of the user-supplied margin attribute. Affected versions are all up to and including...

6.4CVSS6AI score0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.3 views

CVE-2026-1886

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.9 views

PT-2026-26820

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

WordPress plugin Go Night Pro | WordPress Dark Mode Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.6 views

CVE-2026-27340

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.4 views

CVE-2026-27340

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...

5.9AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.35 views

CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...

8.1CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.13 views

CVE-2026-27340

CVE-2026-27340 refers to an Local File Inclusion (LFI) vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme affecting versions through 1.3.1. The issue stems from improper control of filenames in PHP include/require statements, enabling inclusion of local files. Public sour...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23234

Name of the Vulnerable Software and Affected Versions AncoraThemes Apollo | Night Club, DJ Event WordPress Theme versions through 1.3.1 Description The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme contains a flaw related to improper control of filename for include/require statements...

5.8AI score0.00403EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/25 12:27 p.m.6 views

WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Apollo | Night Club, DJ Event WordPress Theme versions = 1.3.1...

8.1CVSS5.9AI score0.00403EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 4:32 a.m.4 views

CVE-2026-1419 D-Link DCS700l Web Form setDayNightMode command injection

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...

5.8CVSS5.6AI score0.15138EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/26 4:32 a.m.4 views

CVE-2026-1419

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...

5.8CVSS5.6AI score0.15138EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder