Lucene search
K

1246 matches found

Nuclei
Nuclei
added 3 days ago80 views

WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...

8.8CVSS7AI score0.52007EPSS
Exploits8References5
NVD
NVD
added 2026/07/07 3:16 p.m.7 views

CVE-2026-12948

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 2:32 p.m.35 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 2:32 p.m.8 views

CVE-2026-12948

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56193

Name of the Vulnerable Software and Affected Versions Digi PortServer TS affected versions not specified Digi One SP affected versions not specified Digi One SP IA affected versions not specified Digi One IA affected versions not specified Description A stored cross-site scripting XSS issue exist...

4.8CVSS6.1AI score0.00269EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES15 Security Update : kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2594-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2594-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.52 fixes various security issues The following security issues were fixed: -...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References17
GithubExploit
GithubExploit
added 2026/06/24 12:23 p.m.93 views

Exploit for CVE-2026-48908

CVE-2026-48908 — SP Page Builder Unauthenticated RCE SP Pag...

10CVSS6.2AI score0.01569EPSS
Exploits6
OSV
OSV
added 2026/06/24 7:34 a.m.1 views

SUSE-SU-2026:2608-1 Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.103 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP race...

9.8CVSS5.9AI score0.0049EPSS
Exploits8References12
CVE
CVE
added 2026/06/24 5:33 a.m.12 views

CVE-2026-8617

The CVE concerns the WordPress SearchPlus plugin (versions up to and including 1.7.1). The vulnerability arises from a missing capability check and missing nonce validation in two AJAX callback functions, searchplus_save_token_action_callback() and searchplus_reset_token_action_callback(), which ...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 10:36 a.m.2 views

SUSE-SU-2026:2532-1 Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay...

9.8CVSS6.4AI score0.0049EPSS
Exploits8References14
NVD
NVD
added 2026/06/20 1:16 p.m.13 views

CVE-2026-48908

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.01569EPSS
Exploits6References5
EUVD
EUVD
added 2026/06/20 11:57 a.m.11 views

EUVD-2026-38110

A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS6.1AI score0.01569EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2026/06/20 11:57 a.m.55 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS6.1AI score0.01569EPSS
Exploits6References1
ATTACKERKB
ATTACKERKB
added 2026/06/20 11:57 a.m.11 views

CVE-2026-48908

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS6.1AI score0.01569EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2026/06/20 11:57 a.m.62 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.01569EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2026/06/20 11:56 a.m.8 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS6.3AI score0.02726EPSS
Exploits5References1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.34 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits5References1
Cvelist
Cvelist
added 2026/06/19 4:4 p.m.33 views

CVE-2017-20266 Joomla SP Movie Database 1.3 SQL Injection via searchword

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50943

Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:5 a.m.14 views

Malicious code in sp-api-dev-assistant-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745 Package contains only package.json and README.md, with the README explicitly stating it is a proof-of-concept squatting an unclaimed npm name that wa...

6.3AI score
Exploits0References2
Rows per page
Query Builder