Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20040 matches found

CNNVD
CNNVDadded 2026/04/20 12:0 a.m.4 views

WordPress plugin Image Source Control Lite – Show Image Credits and Captions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.9AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/20 12:0 a.m.5 views

WordPress plugin wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.7CVSS6AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/20 12:0 a.m.2 views

PT-2026-33819

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/19 6:31 a.m.2 views

EUVD-2026-23681

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/19 3:26 a.m.0 views

CVE-2026-0868

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/04/19 12:0 a.m.6 views

WordPress plugin EMC – Easily Embed Calendarly Scheduling Features 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/19 12:0 a.m.4 views

PT-2026-33616

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/18 11:16 a.m.1 views

CVE-2026-2986 Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes'

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'otherattributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00304EPSS
Exploits0References2
NVD
NVDadded 2026/04/18 5:16 a.m.3 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

6.4CVSS0.00249EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/04/18 12:0 a.m.4 views

WordPress plugin Content Blocks (Custom Post Widget) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/18 12:0 a.m.6 views

WordPress plugin Flipbox Addon for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.9AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/18 12:0 a.m.8 views

WordPress plugin Hostel 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS6AI score0.00254EPSS
Exploits0References2
CVE
CVEadded 2026/04/17 11:44 a.m.8 views

CVE-2026-28263

CVE-2026-28263 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. It describes a cross-site scripting vulnerability that could be exploited by a high-privilege attacker with remote access, leading to script in...

5.9CVSS5.7AI score0.00204EPSS
Exploits0References1Affected Software2
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.6 views

WordPress plugin Pz-LinkCard 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/17 12:0 a.m.6 views

WordPress plugin VideoZen 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS6AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.2 views

PT-2026-33395

Name of the Vulnerable Software and Affected Versions WP Statistics versions prior to 14.16.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. The referral parser copies the raw value of the 'utm source' parameter into the source name fiel...

7.2CVSS6AI score0.00476EPSS
Exploits0References13
Positive Technologies
Positive Technologiesadded 2026/04/17 12:0 a.m.1 views

PT-2026-33445

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain with Data Domain Operating System versions 7.7.1.0 through 8.5 Dell PowerProtect Data Domain with Data Domain Operating System versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain with Data Domain...

5.9CVSS5.8AI score0.00204EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEVadded 2026/04/17 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
In wildExploits0References2
OSV
OSVadded 2026/04/16 9:8 p.m.2 views

GHSA-4FXQ-2X3X-6XQX zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary The proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

6.1CVSS5.9AI score0.00209EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/04/16 8:42 p.m.4 views

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context

Summary The @apostrophecms/color-field module bypasses color validation for values prefixed with -- intended for CSS custom properties, but performs no HTML sanitization on these values. When styles containing attacker-controlled color values are rendered into tags — both in the global stylesheet...

5.4CVSS6.1AI score0.0021EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder