
8 matches found

CVE
added 2026/02/07 8:26 a.m. | 15 views

CVE-2026-1643

The CVE-2026-1643 entry concerns the MP-Ukagaka WordPress plugin with Reflected Cross-Site Scripting vulnerabilities in all versions up to 1.5.2, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts into pages that are ex...

CVSS 6.1 | AI score 5.6 | EPSS 0.00069
Exploits: 0 | References: 4

Veracode
added 2025/12/13 7:32 a.m. | 3 views

Reflected Cross-Site Scripting (XSS)

NiceGUI is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization or encoding in the ui.add_css, ui.add_scss, and ui.add_sass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...

CVSS 6.1 | AI score 6 | EPSS 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/09/17 6:17 a.m. | 15 views

CVE-2025-9565

The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...

CVSS 6.4 | AI score 4.7 | EPSS 0.00066
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 6:20 a.m. | 2 views

CVE-2024-9655

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVSS 6.4 | AI score 4.9 | EPSS 0.00169
Exploits: 0 | References: 1

OSV
added 2025/02/13 2:15 a.m. | 1 views

CVE-2024-13644

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 | AI score 7.4 | EPSS 0.00162
Exploits: 0 | References: 2

CVE
added 2024/08/24 2:2 a.m. | 46 views

CVE-2023-6987

CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...

CVSS 6.1 | AI score 6 | EPSS 0.01414
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/08/30 4:15 p.m. | 12 views

Design/Logic Flaw

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and execute...

CVSS 4.3 | AI score 6.6 | EPSS 0.00435
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2005/11/29 12:0 a.m. | 10 views

DRZES Hms 3.2 - Multiple SQL Injections

DRZES Hms 3.2 - Multiple SQL Injections source: https://www.securityfocus.com/bid/15644/info DRZES HMS is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. Successful exploitation could...

AI score 0.4
Exploits: 0