10 matches found

NVD
added 2026/05/27 7:16 a.m., 11 views

CVE-2026-8911

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

CVSS 6.1 | EPSS 0.00145
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/12 7:47 p.m., 3 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00424
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2020/11/16 3:53 a.m., 8 views

Cross-site Scripting (XSS)

shopware/shopware is vulnerable to cross-site scripting (XSS). The vulnerability exists as the unsanitized value of the newsletter title, headline, is displayed in the description of campaignKey...

AI score 1
Exploits: 0

Veracode
added 2020/04/07 6:32 a.m., 17 views

OS Command Injection

apiconnect-cli-plugins is vulnerable to OS command injection. The vulnerability exists because the value of pluginUri is not sanitized and can be controlled by users...

CVSS 9.8 | AI score 4 | EPSS 0.04358
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2020/04/06 5:54 a.m., 16 views

OS Command Injection

node-key-sender is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of arrParams used in exec...

CVSS 9.8 | AI score 3.3 | EPSS 0.04118
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/02/04 1:22 a.m., 24 views

SQL Injection

django is vulnerable to SQL injection. The vulnerability exists through the unsanitized value of the user-specified column delimiter in contrib.postgres.aggregates.StringAgg...

CVSS 9.8 | AI score 2.3 | EPSS 0.65336
Exploits: 9 | References: 15 | Affected Software: 1

Veracode
added 2020/01/28 3:19 a.m., 20 views

Cross-Site Scripting (XSS)

simplesamlphp/simplesamlphp is vulnerable to cross-site scripting (XSS). The vulnerability exists through the unsanitized value of $this->text in Utils/EMail.php, which is subsequently rendered and executed when a browser loads www/errorreport.php...

CVSS 5.4 | AI score 1.6 | EPSS 0.00544
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2020/01/13 12:54 a.m., 18 views

Arbitrary Code Injection

hot-formula-parser is vulnerable to arbitrary code injection. The vulnerability exists due to the lack of sanitization of the value of yytext, which is used in the exec command...

CVSS 9.8 | AI score 3.4 | EPSS 0.02107
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2019/07/11 6:7 a.m., 13 views

Cross-site Scripting (XSS)

paypal/adaptivepayments-sdk-php is vulnerable to cross-site scripting (XSS). The vulnerability exists in the sample application where the value of $_REQUEST['payKey'] was not sanitized...

CVSS 6.1 | AI score 5.8 | EPSS 0.0124
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/09/05 9:29 p.m., 2 views

CVE-2018-16146

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...

CVSS 7.2 | AI score 5.9 | EPSS 0.06197
Exploits: 3 | References: 3