Lucene search
K

2673 matches found

Nuclei
Nuclei
added 12 hours ago43 views

Good Layers LMS Plugin <= 2.1.4 - SQL Injection

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.1AI score0.1064EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday48 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7AI score0.99585EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score0.01172EPSS
Exploits0References2Affected Software2
NVD
NVD
added 4 days ago11 views

CVE-2026-6818

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
NVD
NVD
added 4 days ago9 views

CVE-2026-9842

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-71385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG...

6.1CVSS6AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-741 XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS6AI score0.01927EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 7:16 p.m.5 views

UBUNTU-CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00132EPSS
Exploits0References3
NVD
NVD
added 2026/06/27 6:16 a.m.8 views

CVE-2026-13245

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 8:44 p.m.46 views

CVE-2026-54350

Budibase CVE-2026-54350 describes an unauthenticated NoSQL injection against published Budibase apps. EnrichContext substitutes query parameters into the JSON body and JSON.parse can lift attacker-controlled fields into the parsed filter, allowing an attacker with a PUBLIC query to read (and for ...

10CVSS5.8AI score0.00538EPSS
Exploits2References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.10 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50500

Name of the Vulnerable Software and Affected Versions Cisco Webex App affected versions not specified Description An issue in the browser-based version of the application allows an unauthenticated remote attacker to redirect users to a malicious webpage. This occurs due to improper input validati...

5CVSS5.9AI score0.00202EPSS
Exploits0References8
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.262 views

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

9.8CVSS8.5AI score0.99999EPSS
Exploits45References5
CVE
CVE
added 2026/06/15 8:17 p.m.11 views

CVE-2026-39514

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Paid Member Subscriptions (versions up to 2.17.3 ). The issue is triggered via reflected input, affecting the plugin’s handling of user-supplied data and potentially enabling code execu...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:5 a.m.9 views

BIT-GITLAB-2026-7250 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request...

7.5CVSS5.4AI score0.0037EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-9211

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...

8.8CVSS5.5AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:31 p.m.11 views

EUVD-2026-35458

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...

7.7CVSS5.5AI score0.00235EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.15 views

CVE-2026-9211

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...

8.8CVSS0.00235EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45660

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

5.4CVSS5.5AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.4AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder