Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/04/15 8:28 a.m.8 views

CVE-2026-3643

The Accessibly WordPress plugin (versions ≤ 3.0.3) is vulnerable to an unauthenticated Stored XSS via REST API endpoints /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config. These endpoints have permission_callback set to __return_true, so no auth checks occur. updateWidgetOptions()...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/04/15 8:28 a.m.30 views

CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...

7.2CVSS0.00179EPSS
Exploits0References9
RedhatCVE
RedhatCVEadded 2025/08/01 12:7 a.m.4 views

CVE-2025-43239

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination...

7.1CVSS6.3AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:47 a.m.8 views

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...

6.5CVSS6.9AI score0.00056EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2025/03/10 7:11 p.m.10 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission...

5.8AI score0.00048EPSS
Exploits0References4
The Hacker News
The Hacker Newsadded 2021/04/07 7:16 a.m.27 views

Pre-Installed Malware Dropper Found On German Gigaset Android Phones

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui,...

1.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2016/06/27 5:23 a.m.2 views

DMM Movie Player App fails to verify SSL server certificates

Overview DMM Movie Player App provided by DMM.com Labo Co.,Ltd. fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2013/01/18 4:36 a.m.2 views

Documents Pro (formerly Files HD) vulnerable to cross-site scripting

Overview Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. report...

4.3CVSS6.1AI score0.00254EPSS
Exploits0References5
Rows per page
Query Builder