Lucene search
K

5681 matches found

Nuclei
Nuclei
added 17 hours ago76 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02214EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago28 views

WordPress Title Experiments Free <9.0.1 - SQL Injection

WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive...

9.8CVSS7.3AI score0.10352EPSS
Exploits2References5
CVE
CVE
added 2 days ago11 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-41470

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 4 days ago7 views

CVE-2026-55790

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago23 views

CVE-2026-55790 Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS0.00311EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-55790

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago8 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

6.9CVSS5.7AI score
Exploits0References3
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-58026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00382EPSS
Exploits0
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40893

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13443 Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 4 days ago9 views

CVE-2026-13443

The CVE-2026-13443 entry concerns the WordPress plugin Tutor LMS (eLearning and online course solution). Affected: all versions up to and including 3.9.13. Issue: Stored Cross-Site Scripting via the Lesson Attachment Title due to insufficient input sanitization and output escaping. Impact: authen...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
OSV
OSV
added 4 days ago2 views

UBUNTU-CVE-2026-58026

Make sure the actual title thats being transcluded is includable...

5.8AI score0.00382EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS0.00395EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-44628

CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References3
Rows per page
Query Builder