Lucene search
K

11076 matches found

CVE
CVE
added yesterday6 views

CVE-2026-53365

CVE-2026-53365 concerns the Linux kernel patch for vsock/virtio zerocopy completion across multi-skb sends. The fix ensures zerocopy uarg is allocated before the send loop and attached to every skb via skb_zcopy_set(), so each skb carries a reference and completion decrements correctly. This prev...

6AI score
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.4AI score0.03462EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday35 views

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

4.8CVSS6.4AI score0.00773EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday337 views

PhpMyAdmin <4.8.2 - Local File Inclusion

PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted...

8.8CVSS7AI score0.98462EPSS
Exploits21References5
Nuclei
Nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday51 views

OURPHP <= 7.2.0 - Cross Site Scripting

OURPHP a...

6.1CVSS6.4AI score0.08115EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday46 views

WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)

A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F encoded dot dot sequences in the url parameter. id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion LFI...

5CVSS6.2AI score0.22157EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday61 views

Progress ShareFile Storage Zones Controller - Authentication Bypass

Customer Managed ShareFile Storage Zones Controller SZC contains an authentication bypass Execution After Redirect that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...

9.8CVSS7.2AI score0.49424EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday57 views

eShop 3.0.4 - Cross-Site Scripting

eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. id: CVE-2022-35493 info: name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting...

6.1CVSS6.4AI score0.01422EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday57 views

WordPress Country Selector <1.6.6 - Cross-Site Scripting

WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in th...

6.1CVSS6.5AI score0.01436EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday52 views

Seo Panel 4.8.0 - Cross-Site Scripting

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...

6.1CVSS6.4AI score0.04278EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

4.8CVSS6.2AI score0.01262EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday35 views

WordPress Post Grid <2.1.8 - Cross-Site Scripting

WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, id: CVE-2021-24488 info: name: WordPress Post Grid 2.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.11241EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday78 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02214EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday18 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

10CVSS7AI score0.62871EPSS
Exploits1References2
NVD
NVD
added 2 days ago8 views

CVE-2026-61876

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS0.002EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43236

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS6.2AI score0.002EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-43235

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-12141

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumtooltiptext' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes i...

4.9CVSS0.00193EPSS
Exploits0References5
Rows per page
Query Builder