Lucene search
K

2441 matches found

Nuclei
Nuclei
added 12 hours ago22 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS6.2AI score0.00598EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago20 views

WP Responsive Images <= 1.0 - Arbitrary File Read

WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...

7.5CVSS6.2AI score0.01722EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago143 views

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...

6.5CVSS6.7AI score0.03005EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday65 views

WordPress ARPrice <3.6.1 - SQL Injection

WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS7.2AI score0.13256EPSS
Exploits1References5
CVE
CVE
added 3 days ago15 views

CVE-2026-15471

Eleveo Call Recording Software 9.7.0 contains a vulnerability in an unknown portion of /callrec/pci_dss_status.jsp that allows improper authorization. The issue supports remote exploitation and the exploit has been made public. No remediation details are provided in the document. Vendor contact o...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42510

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/04 12:0 p.m.9 views

EUVD-2026-41670

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.runconversation of the file runagent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/04 11:30 a.m.37 views

CVE-2026-14625 NousResearch hermes-agent server.py shell.exec protection mechanism

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...

6.5CVSS0.00224EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/30 6:0 a.m.8 views

CVE-2026-11589

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

5.6AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 12:16 p.m.8 views

CVE-2026-13560

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...

6.5CVSS0.01158EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56041

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.15 views

CVE-2026-56041

Summary: CVE-2026-56041 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “Responsive Lightbox” up to version 2.7.6. The incident is classified with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating a network-vector XSS that requires user intera...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56041 WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39703

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52756

Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

10CVSS7AI score0.00487EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/24 3:2 p.m.4 views

WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/24 1:13 p.m.5 views

OESA-2026-2731 mercurial security update

Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface. Security Fixes: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects...

5.3CVSS3.6AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 4:16 p.m.14 views

CVE-2017-20258

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:37 p.m.18 views

CVE-2017-20258

CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Rows per page
Query Builder