Lucene search
+L

21 matches found

nvd
nvd
added 5 days ago5 views

CVE-2026-14262

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the payload parameter. The vulnerability exists because AuthenticateService::generatePayload only...

8.8CVSS0.00393EPSS
Exploits0References6
cvelist
cvelist
added 5 days ago32 views

CVE-2026-14262 Simple JWT Login <= 3.6.6 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation via 'payload' Parameter

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the payload parameter. The vulnerability exists because AuthenticateService::generatePayload only...

8.8CVSS0.00393EPSS
Exploits0References6
cve
cve
added 5 days ago13 views

CVE-2026-14262

The CVE concerns the WordPress plugin Simple JWT Login . All versions up to and including 3.6.6 are vulnerable to Authentication Bypass to Privilege Escalation via the payload parameter. The flaw arises because AuthenticateService::generatePayload() only overwrites JWT payload keys listed in the ...

8.8CVSS6.1AI score0.00393EPSS
Exploits0References6
euvd
euvd
added 5 days ago5 views

EUVD-2026-43145

The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the payload parameter. The vulnerability exists because AuthenticateService::generatePayload only...

8.8CVSS6.1AI score0.00393EPSS
Exploits0References6
ptsecurity
ptsecurity
added 5 days ago11 views

PT-2026-57390

Name of the Vulnerable Software and Affected Versions The Simple JWT Login – Allows you to use JWT on REST endpoints. versions prior to 3.6.7 Description An authentication bypass leading to privilege escalation exists due to improper handling of identity claims. The...

8.8CVSS6.1AI score0.00393EPSS
Exploits0References10
nvd
nvd
added 2026/05/08 6:16 a.m.29 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

7.3CVSS0.03891EPSS
Exploits3References3
redhatcve
redhatcve
added 2026/03/26 3:1 p.m.6 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/14 12:2 p.m.10 views

CVE-2025-41080

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/repoid/file/', leading to a stored Cross-Site Scripting XSS. Mitigation Restrict network access to the...

6.1CVSS6.5AI score0.00167EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/12/04 12:0 a.m.7 views

PT-2025-49018

Name of the Vulnerable Software and Affected Versions Seafile version 12.0.10 Description A stored Cross-Site Scripting XSS issue exists in Seafile. This allows an attacker to execute arbitrary code in a victim’s browser. The issue is caused by storing malicious payloads with the POST parameter p...

6.1CVSS6.6AI score0.00167EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/11/11 12:0 a.m.8 views

PT-2025-46657

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A path traversal issue exists that could lead to elevated system access. This occurs when a Web Admin user on the local network manipulates the POST /REST/UpdateJRE request payload. The issue involve...

7.3CVSS6AI score0.00131EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24591

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00397EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/08/13 12:0 a.m.3 views

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wdsset in the payload, which can cause the program to crash and potentially lead to a Denial...

7.5AI score0.00397EPSS
Exploits1References1
cve
cve
added 2025/08/13 12:0 a.m.23 views

CVE-2025-50614

Netis WF2880 v2.1.40207 is affected by a buffer overflow in the FUN_0047151c function of cgitest.cgi. Exploitation is triggered by controlling wds_set in the payload, potentially crashing the program and enabling a Denial of Service (DoS). Multiple sources (CNVD, Red Hat, NVD, CVE list, CNNVD, et...

7.5CVSS7.5AI score0.00397EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/05/30 3:15 p.m.3 views

CVE-2024-35504

A cross-site scripting XSS vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1
attackerkb
attackerkb
added 2023/12/14 3:15 p.m.3 views

CVE-2023-50566

A stored cross-site scripting XSS vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...

5.4CVSS6.2AI score0.00375EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/08/28 12:0 a.m.9 views

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

8.8AI score0.01429EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/10/28 12:0 a.m.7 views

seccome Ehoney SQL注入漏洞

seccome Ehoney is a secure, fast, highly interactive, enterprise-grade honeypot management system open-sourced by China seccome. seccome Ehoney has a security vulnerability , the vulnerability stems from its file /api/v1/bait/set in the unknown function of the parameter Payload operation leads to...

9.8CVSS8.4AI score0.00437EPSS
Exploits0References3
cnvd
cnvd
added 2018/11/28 12:0 a.m.5 views

Xiaomi Mi Router 3 Command Injection Vulnerability

Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A system command injection vulnerability exists in the requestmitv endpoint in Xiaomi Mi Router 3 version 2.22.15. The vulnerability can be exploited to execute arbitrary system commands with the 'payload' URL parameter...

9CVSS9.3AI score0.23955EPSS
Exploits1References1
osv
osv
added 2018/11/27 8:29 p.m.3 views

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

8.8CVSS6AI score0.23955EPSS
Exploits1References1
zdt
zdt
added 2016/02/15 12:0 a.m.25 views

Tiny Tiny RSS - Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...

7.1AI score
Exploits0
Rows per page
Query Builder