
2371 matches found

Nuclei
added 19 hours ago | 26 views

WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

6.1 CVSS | 6.4 AI score | 0.10358 EPSS
Exploits: 5 | References: 5
NVD
added 3 days ago | 7 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS | 0.00441 EPSS
Exploits: 0 | References: 10
Cvelist
added 3 days ago | 32 views

CVE-2026-14029 Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS | 0.00441 EPSS
Exploits: 0 | References: 10
EUVD
added 3 days ago | 6 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS | 5.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 10
EUVD
added 4 days ago | 8 views

EUVD-2026-40764

Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

5.8 AI score | 0.00169 EPSS
Exploits: 0 | References: 3
OSV
added 5 days ago | 2 views

DEBIAN-CVE-2026-14077

Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS | 5.8 AI score | 0.00169 EPSS
Exploits: 0 | References: 1
NVD
added 5 days ago | 5 views

CVE-2026-14077

Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS | 0.00169 EPSS
Exploits: 0 | References: 2
CVE
added 5 days ago | 32 views

CVE-2026-14077

The CVE-2026-14077 entry describes an issue in Google Chrome on macOS (before version 150.0.7871.47) where an inappropriate implementation in the Select control allows a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. Affected component: Select in the browser; roo...

4.3 CVSS | 5.8 AI score | 0.00169 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 5 days ago | 5 views

PT-2026-54352

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 150.0.7871.47. Description: An inappropriate implementation in the Select component allows a remote attacker to spoof the contents of the Omnibox (the browser's URL bar) by using a specially crafted HTML page...

4.3 CVSS | 6 AI score | 0.00169 EPSS
Exploits: 0 | References: 4
NVD
added 6 days ago | 9 views

CVE-2026-13583

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...

9 CVSS | 0.00445 EPSS
Exploits: 0 | References: 5
EUVD
added 6 days ago | 6 views

EUVD-2026-40114

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...

8.7 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 0 | References: 4
EUVD
added 6 days ago | 7 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1 CVSS | 6 AI score | 0.00148 EPSS
Exploits: 0 | References: 4
Jake Archibald's Blog
added 6 days ago | 13 views

The Goldilocks customizable select height

I recently gave a talk on customizable as in fully-stylable , and as I was building demos I realised there's a sizing 'pattern' that's almost always the-one-you-want, but it took me a long time to figure out how to do it in CSS. Well, I say I figured it out. I actually failed, and asked a bunch o...

5.9 AI score
Exploits: 0
NVD
added 2026/06/27 2:16 a.m. | 11 views

CVE-2026-13333

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS | 0.00344 EPSS
Exploits: 0 | References: 6
EUVD
added 2026/06/27 1:27 a.m. | 7 views

EUVD-2026-39930

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5 CVSS | 6 AI score | 0.00344 EPSS
Exploits: 0 | References: 6
CVE
added 2026/06/27 1:27 a.m. | 14 views

CVE-2026-13333

CVE-2026-13333 affects the Groundhogg WordPress plugin up to version 4.5.5. The issue is a generic SQL injection in the query[select] path caused by insufficient escaping and inadequate preparation of the SQL query, allowing an authenticated attacker with Sales Representative-level access or high...

6.5 CVSS | 6 AI score | 0.00344 EPSS
Exploits: 0 | References: 6
EUVD
added 2026/06/24 6:32 p.m. | 6 views

EUVD-2026-38803

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8 CVSS | 5.8 AI score | 0.00239 EPSS
Exploits: 0 | References: 3
NVD
added 2026/06/24 4:16 p.m. | 9 views

CVE-2026-50708

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8 CVSS | 0.00239 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/24 3:11 p.m. | 9 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in an out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...

9.1 CVSS | 5.3 AI score | 0.00489 EPSS
Exploits: 0 | References: 2
CVE
added 2026/06/24 2:58 p.m. | 11 views

CVE-2026-50708

CVE-2026-50708 affects Frappe Framework 17.0.0-dev, with a Stored XSS in the MultiSelectDialog component caused by improper neutralization of user-controlled input. The CVSS v4.0 base score is 4.8 (Medium), with network attack vector, low privileges required, and user interaction required. The im...

4.8 CVSS | 5.8 AI score | 0.00239 EPSS
Exploits: 0 | References: 2