Lucene search
K

8202 matches found

SUSE CVE
SUSE CVE
added 12 hours ago5 views

SUSE CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

7.8CVSS6.9AI score0.01276EPSS
Exploits0References7
Nuclei
Nuclei
added 12 hours ago22 views

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

7.5CVSS7.4AI score0.04728EPSS
Exploits2References6
Nuclei
Nuclei
added 12 hours ago14 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

6.1CVSS5.9AI score0.01778EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago7 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

9.8CVSS6.6AI score0.03135EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago10 views

Widget4Call WordPress - Cross-Site Scripting

Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...

5.4CVSS7.4AI score0.00674EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago10 views

WP Pricing Table - Reflected XSS

WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...

6.1CVSS7.2AI score0.00641EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago8 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.2AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago21 views

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...

5.8CVSS6.2AI score0.02698EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago17 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

4.8CVSS5.6AI score0.01172EPSS
Exploits3References4
Nuclei
Nuclei
added 12 hours ago15 views

Shopware < 5.5.8 - Cross-Site Scripting

Shopware before 5.5.8 contains a reflected cross-site scripting XSS caused by unsanitized query string parameters in the backend/Login or backend/Login/load/ URI, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires sending crafted URL to the victim...

7.4CVSS6.9AI score0.02734EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago9 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.5AI score0.05365EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago13 views

phpLDAPadmin <= 1.2.3 - Reflected XSS

phpLDAPadmin = 1.2.3 contains a reflected cross-site scripting caused by unsanitized input in htdocs/entrychooser.php via the form, element, rdn, or container parameter, letting attackers execute malicious scripts in victim browsers, exploit requires sending crafted input. id: CVE-2017-11107 info...

6.1CVSS6.3AI score0.02069EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago10 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7.2AI score0.00578EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago10 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.2AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago10 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.2AI score0.00561EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago10 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS5.6AI score0.00521EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago14 views

YesWiki < 4.5.4 - Cross-Site Scripting

YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...

6.1CVSS5.6AI score0.00498EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago14 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7.2AI score0.00561EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago5 views

OWL Carousel Slider - Cross-Site Scripting

OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13627 info:...

4.7CVSS7.4AI score0.00805EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago12 views

WP DeskLite - Reflected XSS

WP DeskLite WordPress plugin through 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12724 info: name: WP DeskLite - Reflected XSS...

6.1CVSS5.8AI score0.00521EPSS
Exploits1References2
Rows per page
Query Builder