Lucene search
K

2780 matches found

Nuclei
Nuclei
added yesterday44 views

Super Socializer < 7.13.52 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-2779 info: name: Super Socializer 7.13.52 - Cross-Site Scripting author: r3Y3r53...

6.1CVSS6.7AI score0.05991EPSS
Exploits4References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43224

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted superadmin users retain access to deletenoncompliantbundles and countnoncompliantbundles RPCs due to stale orgusers.userright column not being cleared during role binding deletion. Attackers can exploit this by...

8.3CVSS6.1AI score0.00211EPSS
Exploits0References2
Patchstack
Patchstack
added 4 days ago6 views

WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...

9.8CVSS5.9AI score0.00523EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS6.6AI score0.00523EPSS
Exploits1References3
CVE
CVE
added 4 days ago13 views

CVE-2026-14894

The CVE concerns the WordPress plugin Super Forms – Drag & Drop Form Builder. All versions up to 6.3.313 are vulnerable to Arbitrary File Upload via the submit_form function due to missing file type validation and absence of any capability check on the submit_form nopriv AJAX handler; the only ba...

9.8CVSS6.6AI score0.00523EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS0.00523EPSS
Exploits1References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42266

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...

8.7CVSS6AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-11798

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS0.00204EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42168

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-11798 Social Share, Social Login and Social Comments Plugin <= 7.14.5 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS0.00204EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/07 4:27 a.m.5 views

CVE-2026-8924

A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...

9.1CVSS5.9AI score0.00649EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/07 12:30 a.m.5 views

EUVD-2026-41977

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56022

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description A NULL pointer dereference occurs in the src/vm.c file within the op super function OP SUPER. This issue is caused by a missing runtime guard for top-level super. Recommendations Update to version 3.4...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 12:0 a.m.28 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS0.00649EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:15 a.m.7 views

EUVD-2026-41505

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

6AI score0.00649EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:15 a.m.24 views

CVE-2026-8924

CVE-2026-8924 – curl cookie parsing flaw. The vulnerability arises from curl’s cookie parsing logic, enabling a malicious HTTP server to set ‘super cookies’ that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl subsequently scopes and tran...

9.1CVSS6AI score0.00649EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/03 6:15 a.m.6 views

CVE-2026-8924

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

9.1CVSS6AI score0.00649EPSS
Exploits1References3
Rows per page
Query Builder