Lucene search
K

4238 matches found

Nuclei
Nuclei
added yesterday141 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.7AI score0.00998EPSS
Exploits2References2
NVD
NVD
added 2 days ago8 views

CVE-2026-15527

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS0.0014EPSS
Exploits0References6
NVD
NVD
added 2 days ago8 views

CVE-2026-15526

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS0.00137EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43271

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15527 better-auth better-icons scan_project_icons/sync_icon path traversal

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15526 augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS0.00137EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43269

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References6
CVE
CVE
added 2 days ago10 views

CVE-2026-15526

A vulnerability in augmnt augments-mcp-server 7.1.0 affects the function scanProjectDeps (src/tools/v4/scan-project-deps.ts) of the scan_project_deps component. The issue arises from manipulating the argument packageJsonPath, enabling path traversal. The attack is local, and a proof-of-concept/ex...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References6
OSV
OSV
added 2 days ago2 views

CVE-2026-15526 augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8
NVD
NVD
added 5 days ago5 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
NVD
NVD
added 5 days ago6 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-12955

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42849

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdprcookieconsentajaxsaveschedulescan function the wpajaxgccsaveschedulescan AJAX action in versions up to, and including, 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42844

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
CVE
CVE
added 5 days ago6 views

CVE-2026-14475

The CVE-2026-14475 entry relates to the WordPress plugin “WPLP Cookie Consent” (GDPR/CCPA banner) with a SQL Injection vulnerability via the scan_id parameter in all versions up to 4.3.6. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the exis...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
Patchstack
Patchstack
added 6 days ago4 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added last week6 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
Rows per page
Query Builder