28 matches found

Cvelist
added 2023/01/23 2:31 p.m. | 13 views

CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

AI score: 5.5 | EPSS: 0.00285
Exploits: 2 | References: 1

Cvelist
added 2023/01/16 3:38 p.m. | 15 views

CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS

The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

AI score: 5.6 | EPSS: 0.00363
Exploits: 2 | References: 1

WPVulnDB
added 2022/05/17 12:0 a.m. | 16 views

Popup Box < 2.2 - Admin+ LFI

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI...

CVSS: 7.2 | AI score: 1 | EPSS: 0.01141
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2022/03/23 12:0 a.m. | 16 views

Amministrazione Aperta < 3.8 - Admin+ LFI

The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...

CVSS: 6.5 | AI score: 1.2 | EPSS: 0.2244
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2022/03/01 12:0 a.m. | 25 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

CVSS: 9.8 | AI score: 0.3 | EPSS: 0.84482
Exploits: 2 | Affected Software: 1

Cvelist
added 2022/02/14 9:20 a.m. | 12 views

CVE-2021-25033 Noptin < 1.6.5 - Open Redirect

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

AI score: 6.4 | EPSS: 0.01059
Exploits: 2 | References: 2

OSV
added 2021/01/08 3:15 p.m. | 0 views

CVE-2021-1060

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...

CVSS: 7.1 | AI score: 7.1
Exploits: 0 | References: 1

Tenable Nessus
added 2015/03/26 12:0 a.m. | 33 views

Debian DLA-20-1 : munin security update

Christoph Biedl - munin-node: more secure state file handling, introducing a new plugin state directory root, owned by uid 0. Then each plugin runs in its own UID plugin state directory, owned by that UID. Closes: 684075, Closes: 679897, closes CVE-2012-3512. - plugins: use runtime...

CVSS: 7.2 | AI score: 5.3 | EPSS: 0.00719
Exploits: 1 | References: 5