Lucene search
K

3134 matches found

Nuclei
Nuclei
added 12 hours ago65 views

BestWebSoft's Twitter < 2.55 - Cross-Site Scripting

The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...

6.1CVSS6.4AI score0.01652EPSS
Exploits1References4
Nuclei
Nuclei
added 5 days ago19 views

twitter-server Cross-Site Scripting

twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala. id: CVE-2020-35774 info: name: twitter-server Cross-Site...

5.4CVSS5.8AI score0.87622EPSS
Exploits0References5
NVD
NVD
added last week10 views

CVE-2026-56285

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-40154

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
CVE
CVE
added last week8 views

CVE-2026-56285

Nitter is affected by a Server-Side Request Forgery in the /video media proxy endpoint. The vulnerability arises because the endpoint does not validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, enabling unauthenticated attackers to compute valid HMACs for arbitr...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in twitter-bootstrap3

Improper neutralization of input during web page generation XSS or “cross-site scripting” vulnerability in Bootstrap allows cross-site scripting. This issue affects Bootstrap: from version 3.4.1 to 4.0.0...

5.6CVSS5.7AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53736

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.7 views

CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.16 views

CVE-2026-53736

CVE-2026-53736 affects the Easy Twitter Feeds WordPress plugin prior to 1.2.13. The issue is a cross-site request forgery in the duplicate_post action handler that lacks nonce verification. An attacker could entice an authenticated user to visit a crafted link that duplicates posts regardless of ...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-6177

The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...

7.2CVSS5.7AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34543

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 11:16 p.m.9 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.00303EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/04 11:0 p.m.29 views

CVE-2026-10875 projectworlds Online Art Gallery Shop Project adminHome.ph sql injection

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.00303EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 11:0 p.m.18 views

CVE-2026-10875

The CVE-2026-10875 entry affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability is in an unknown function of the file /admin/adminHome.ph; manipulating the social_twitter argument causes SQL injection. A remote attack is possible, and the exploit has been released publicly. ...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Projectworlds Online Art Gallery Shop Project SQL注入漏洞

Projectworlds Online Art Gallery Shop Project is a online art gallery store project developed by the Projectworlds team. Version 1.0 of Projectworlds Online Art Gallery Shop Project has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file admin/adminHome.p...

6.5CVSS6.6AI score0.00303EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 3:16 p.m.13 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
NVD
NVD
added 2026/05/25 3:16 p.m.17 views

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

5.3CVSS0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.7 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.22 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
Rows per page
Query Builder