Lucene search
+L

6701 matches found

Nuclei
Nuclei
added 14 hours ago12 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS8.1AI score0.00573EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago12 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS5.6AI score0.02277EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago83 views

MetInfo CMS <= 8.1 - Remote Code Execution

MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....

9.8CVSS9.5AI score0.39688EPSS
Exploits4References3
Nuclei
Nuclei
added 14 hours ago18 views

PublishPress Capabilities < 2.3.1 - Missing Authorization

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...

9.8CVSS8.6AI score0.06745EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago22 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS5.4AI score0.00598EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago56 views

WordPress Job Portal < 2.0.6 - SQL Injection

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...

9.8CVSS8.6AI score0.03096EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago69 views

WordPress Download Manager - File Password Exposure

The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...

7.5CVSS7.3AI score0.02437EPSS
Exploits3References1
Nuclei
Nuclei
added 14 hours ago22 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS5.4AI score0.01158EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago29 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS8.7AI score0.18671EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago46 views

WordPress JoomSport <5.2.8 - SQL Injection

WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.8CVSS8.8AI score0.04756EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday22 views

Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

9.8CVSS7.5AI score0.74355EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday145 views

FoxCMS v.1.2.5 - Remote Code Execution

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. id: CVE-2025-29306 info: name: FoxCMS v.1.2.5 - Remote Code Execution author: ritikchaddha severity: critical description: | An issue in FoxCMS v.1.2.5 allows a...

9.8CVSS7.3AI score0.43655EPSS
Exploits11References3
Nuclei
Nuclei
added yesterday12 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

9.8CVSS7.2AI score0.6039EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday1210 views

Flowise - Remote Code Execution

Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function, letting remote attackers execute arbitrary code with full Node.js privileges, exploit requires user input to be processed by the...

10CVSS7.6AI score0.90183EPSS
Exploits21References2
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: kernel update

Please update Please update...

8.8CVSS6.7AI score0.00176EPSS
Exploits29References9
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2026-38488)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-38488 advisory. 21.1.3-20.3 - CVE fix for: CVE-2026-55999 Resolves: https://redhat.atlassian.net/browse/RHEL-191516 Tenable has extracted the preceding description block...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Fedora 43 : xorg-x11-server-Xwayland (2026-6a00d3109f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6a00d3109f advisory. Update to xwayland 24.1.13, fixes for: CVE-2026-55999, CVE-2026-56000 Tenable has extracted the preceding description block directly from the Fedora...

9CVSS6.2AI score0.00212EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Fedora 44 : xorg-x11-server (2026-28b7854014)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-28b7854014 advisory. Update to xserver 21.1.24, fixes for: CVE-2026-55999, CVE-2025-56000 Tenable has extracted the preceding description block directly from the Fedora...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.7 views

MiracleLinux 9 : nginx-1.20.1-28.el9_8.2.ML.1 (AXSA:2026-1233:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1233:04 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.2CVSS7.2AI score0.61469EPSS
Exploits40References2
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

Fedora 44 : pam (2026-377015b34b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-377015b34b advisory. pamuserdb: fix password comparison timing leak Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

8.2CVSS6.2AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder