Lucene search
K

37774 matches found

Nuclei
Nuclei
added yesterday18 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

GiveWP - Missing Authorization to Settings Update

GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...

5.3CVSS6.1AI score0.01881EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday18 views

Post Grid <= 2.2.50 - Information Exposure via REST API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...

7.5CVSS7.1AI score0.02041EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday43 views

Mlflow - Cross-Site Scripting

The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request, which is then reflected back to the user without proper sanitization or escaping. id: CVE-2023-6568 info: name: Mlflow - Cross-Site Scripting author: ritikchaddha severity: medium...

6.5CVSS6.7AI score0.01649EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday37 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday26 views

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

6.1CVSS6AI score0.03223EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday10 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS5.9AI score0.00521EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7.1AI score0.0061EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday37 views

WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting

WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.4AI score0.00902EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday142 views

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

6.5CVSS6.6AI score0.0186EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday252 views

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

8.3CVSS7.3AI score0.94721EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday38 views

Flatpress < v1.2.1 - Cross Site Scripting

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...

5.4CVSS6AI score0.01431EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday58 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday39 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References5
Circl
Circl
added yesterday7 views

CVE-2026-14774

creationtimestamp| type| source ---|---|--- 2026-07-06 00:40:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpwu4kxmoc2p...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References1
Circl
Circl
added yesterday7 views

CVE-2026-59511

creationtimestamp| type| source ---|---|--- 2026-07-06 00:05:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpws6kxmih2p...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Circl
Circl
added 2 days ago5 views

CVE-2026-59520

creationtimestamp| type| source ---|---|--- 2026-07-05 23:59:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpwrsytwez2p...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1
Circl
Circl
added 2 days ago6 views

CVE-2026-14777

creationtimestamp| type| source ---|---|--- 2026-07-05 23:57:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpwrpn7cv42e...

6.5CVSS6.6AI score0.00214EPSS
Exploits0References1
Circl
Circl
added 2 days ago5 views

CVE-2026-56140

creationtimestamp| type| source ---|---|--- 2026-07-05 21:04:18+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwi25d2p32g 2026-07-06 11:58:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxzyzuuuz22 2026-07-06 20:28:13+00:00| seen|...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References3
Circl
Circl
added 2 days ago5 views

CVE-2026-48206

creationtimestamp| type| source ---|---|--- 2026-07-05 20:24:43+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwftcmt4q2i...

5.3CVSS5.9AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder