Lucene search
K

89223 matches found

NVD
NVD
added yesterday7 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-41388

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57754

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57678

CVE-2026-57678 concerns the WordPress Slider Revolution plugin by ThemePunch, affecting versions 7.0.0 through 7.0.16. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability arising from improper neutralization of input during web page generation. The CVSSv3.1 metrics indicate a NETWOR...

7.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57754 WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday12 views

WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...

7.1CVSS7.3AI score0.00622EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday9 views

ECT Home Page Products - Reflected XSS

ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...

6.1CVSS7.2AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday16 views

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

4.8CVSS5.7AI score0.0087EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.1AI score0.01552EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

6.1CVSS6.4AI score0.03003EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday10 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1CVSS5.8AI score0.0081EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday64 views

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS5.8AI score0.01235EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday9 views

Hoppscotch <= 2026.2.1 - Open Redirect

Hoppscotch = 2026.2.1 is vulnerable to a DOM-based open redirect on the /enter page. The redirect query parameter is passed directly to windowz location.href with no origin validation. Requires one additional query parameter to trigger. Exploited via a crafted URL such as...

6.1CVSS5.8AI score0.00401EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday19 views

SickChill - Open Redirect

SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...

4.8CVSS5.9AI score0.00935EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday47 views

XWiki < 14.10.14 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6CVSS7.4AI score0.05166EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday36 views

Zyxel - Cross-Site Scripting

Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mpidx...

6.1CVSS6.2AI score0.2095EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday9 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS5.6AI score0.01954EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday20 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.1AI score0.01594EPSS
Exploits1References4
Rows per page
Query Builder