Lucene search
+L

52 matches found

Nuclei
Nuclei
added yesterday32 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1CVSS5.3AI score0.0081EPSS
Exploits1References3
NVD
NVD
added 2026/07/10 5:16 a.m.7 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS0.00307EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.6 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/10 4:31 a.m.6 views

EUVD-2026-42793

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References10
CVE
CVE
added 2026/07/10 4:31 a.m.10 views

CVE-2026-15284

The King Addons for Elementor plugin (WordPress) has a Stored Cross-Site Scripting vulnerability affecting versions up to 51.1.62 via the form_page_id parameter. The root cause is insufficient input sanitization in add_to_submissions() (sanitize_text_field() preserves quotes) combined with missin...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 7:53 a.m.16 views

CVE-2026-10096

The Qi Blocks WordPress plugin is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.4.9 via the page_id parameter. Authenticated users with author-level access can modify stored Qi Blocks styles on arbitrary posts, templates, or widgets, including site-wide surf...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:30 a.m.14 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 11:27 p.m.47 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/23 6:30 p.m.13 views

EUVD-2018-21862

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 1:19 p.m.7 views

CVE-2026-7269

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...

4.8CVSS0.0021EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/27 1:45 p.m.3 views

CVE-2026-7129 SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argument ID results in cross site scripting. The attack is possible to be carried out remotely. The...

5.3CVSS3.7AI score0.00263EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 10:15 a.m.6 views

CVE-2026-7114

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6746

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Center Portal Management System version 1.0 Description A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in the /emp edit1.php file,...

7.5CVSS5.7AI score0.00416EPSS
Exploits1References7
EUVD
EUVD
added 2025/12/23 12:30 a.m.7 views

EUVD-2023-60237

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

9.3CVSS8AI score0.00405EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 5:15 p.m.5 views

CVE-2025-67285

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate...

7.3CVSS5.8AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/24 9:33 p.m.10 views

CVE-2025-13569

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS7AI score0.00276EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1628

Malware in sbrugna...

7.5CVSS6.4AI score0.04274EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31466

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00456EPSS
Exploits1References6
OSV
OSV
added 2024/12/14 7:15 a.m.3 views

CVE-2024-11713

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

4.9CVSS5.8AI score0.0046EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/14 12:0 a.m.5 views

WordPress plugin WP Job Portal SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

4.9CVSS8.8AI score0.0046EPSS
Exploits0References3
Rows per page
Query Builder