Lucene search
K

1107 matches found

CVE
CVE
added 2026/05/07 11:45 p.m.20 views

CVE-2026-8117

CVE-2026-8117 concerns SourceCodester Pizzafy Ecommerce System 1.0. The issue arises from vulnerable handling of the argument in /admin/index.php , allowing cross-site scripting (XSS) via manipulated input. The attack can be carried out remotely and the exploit has been publicly disclosed. The co...

5.3CVSS4.2AI score0.00269EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.8 views

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/05/05 7:0 p.m.10 views

CVE-2026-7856

CVE-2026-7856 affects D-Link DI-8100 Web Management Interface; a buffer overflow in /url_member.asp when manipulating the Name parameter can be triggered remotely. An exploit has been published; details on remediation/patch are not provided in the available documents.

8.6CVSS7.5AI score0.04589EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/05 3:31 a.m.13 views

EUVD-2026-27209

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
NVD
NVD
added 2026/05/05 3:16 a.m.31 views

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 2:26 a.m.15 views

CVE-2026-6704

CVE-2026-6704 affects the WordPress WordPress Blog Settings plugin. It is vulnerable to a reflected Cross-Site Scripting attack via the 'page' parameter in all versions up to 1.0 due to insufficient input sanitization and output escaping. The weakness allows unauthenticated attackers to craft a l...

6.1CVSS6AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.54 views

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00211EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.9 views

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.7 views

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-36961

Name of the Vulnerable Software and Affected Versions Blog Settings plugin for WordPress versions prior to 1.1 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...

6.1CVSS6AI score0.00211EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Tenda 4G300 缓冲区错误漏洞

The Tenda 4G300 is a wireless router produced by the Chinese company Tenda. The Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01 version contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the function sub427C3C within the file/goform/SafeMacFilte...

9CVSS7.7AI score0.00516EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 p.m.4 views

CVE-2026-7269 SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...

4.8CVSS3.3AI score0.0021EPSS
Exploits0References6
NVD
NVD
added 2026/04/27 3:15 a.m.13 views

CVE-2026-7078

A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released ...

9CVSS0.00619EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the fromwebExcptypemanFilter function in the httpd component’s/goform/webExcptypemanFilter file, where improper...

9CVSS7.8AI score0.00815EPSS
Exploits1References2
NVD
NVD
added 2026/04/26 10:17 p.m.9 views

CVE-2026-7056

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be...

9CVSS0.00622EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/26 6:30 p.m.36 views

CVE-2026-7056 Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be...

9CVSS0.00622EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/26 9:15 a.m.5 views

CVE-2026-7030 Tenda F456 RouteStatic fromRouteStatic buffer overflow

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

9CVSS8.6AI score0.00632EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.12 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...

9CVSS7.8AI score0.00619EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.9 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from improper handling of the page parameter in the SafeEmailFilter function of the/goform/SafeEmailFilter file, which may...

9CVSS7.7AI score0.00632EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.13 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from improper handling of the page parameter in the fromRouteStatic function within the/goform/RouteStatic file, which may...

9CVSS7.7AI score0.00632EPSS
Exploits1References2
Rows per page
Query Builder