Lucene search
+L

15342 matches found

Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57358 WordPress Customize My Account for WooCommerce plugin <= 4.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.15 views

CVE-2026-27430

CVE-2026-27430 affects the WordPress TheFox theme (

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.21 views

CVE-2026-27408

CVE-2026-27408 affects WordPress NativeChurch theme versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 9:12 p.m.24 views

CVE-2026-54263

Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: &lt; 7.0.8, &lt; 7.3.3,

7.3CVSS5.5AI score0.00203EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:11 p.m.8 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS6.4AI score0.00314EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the...

6.1CVSS6.1AI score0.00155EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-39897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This...

6.1CVSS6.1AI score0.00155EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/29 2:59 p.m.7 views

WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions = 18.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/29 1:36 p.m.29 views

CVE-2026-57333

CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/27 5:33 a.m.9 views

CVE-2026-13245

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-57312 WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 11:16 p.m.12 views

CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

6.1CVSS0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:16 p.m.6 views

DEBIAN-CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 10:37 p.m.3 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.9AI score0.00155EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 10:0 p.m.8 views

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

6.1CVSS5.7AI score0.00155EPSS
Exploits0
OSV
OSV
added 2026/06/24 10:0 p.m.3 views

CVE-2026-39897 Cacti has a Reflected XSS Vulnerability via html_auth_footer

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

5.3CVSS5.9AI score0.00155EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/24 2:37 p.m.7 views

WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions = 3.1.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/24 1:31 p.m.7 views

WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions = 1.3...

6.1CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/23 9:16 p.m.9 views

CVE-2026-46547

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:42 p.m.30 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS0.00156EPSS
Exploits0References1
Rows per page
Query Builder