8 matches found

Positive Technologies
added 2026/05/14 12:0 a.m., 6 views

PT-2026-40849

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update gallery data function and improper output escaping in the gallery init function. The...

CVSS 6.4, AI score 6, EPSS 0.00016
Exploits 0, References 7

Vulnrichment
added 2026/05/01 5:29 a.m., 0 views

CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

CVSS 6.4, AI score 6, EPSS 0.00055
Exploits 0, References 8

ATTACKERKB
added 2026/03/11 8:9 p.m., 1 views

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

CVSS 4.7, AI score 5.8, EPSS 0.00025
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2026/01/07 12:0 a.m., 1 views

PT-2026-1553

Name of the Vulnerable Software and Affected Versions: EmailKit versions up to and including 1.6.1. Description: The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API...

CVSS 6.5, AI score 5.9, EPSS 0.00043
Exploits 0, References 5

NVD
added 2025/07/03 5:15 p.m., 2 views

CVE-2025-6074

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data...

CVSS 6.5, EPSS 0.00158
Exploits 0, References 1

OSV
added 2023/12/12 12:15 p.m., 1 views

CVE-2023-48430

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

CVSS 2.7, AI score 5.7
Exploits 0, References 1

OSV
added 2019/07/02 9:15 p.m., 0 views

CVE-2019-6622

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems...

CVSS 7.2, AI score 7.1, EPSS 0.02522
Exploits 0, References 1

CNVD
added 2017/11/25 12:0 a.m., 2 views

Swagger-Parser and swagger-codegen Arbitrary Code Execution Vulnerabilities

Swagger-Parser is a cross-language parser for Swagger REST API definitions; swagger-codegen is an API development tool. A security vulnerability exists in Swagger-Parser 1.0.30 and earlier and swagger-codegen 2.2.2 and earlier. An attacker can exploit the vulnerability to execute arbitrary code...

CVSS 8.8, AI score 7.4, EPSS 0.00463
Exploits 0, References 1