Lucene search
K

108857 matches found

Nuclei
Nuclei
added 14 hours ago15 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS6.2AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago39 views

RosarioSIS 6.7.2 - Cross-Site Scripting

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...

6.1CVSS6.5AI score0.06325EPSS
Exploits2
Nuclei
Nuclei
added 14 hours ago17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago54 views

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

7.5CVSS6.7AI score0.02289EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago11 views

URL Shortify <= 1.12.1 - Open Redirect

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

4.7CVSS6.1AI score0.00592EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago12 views

DedeCMS - Open Redirect via download.php

Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...

6.5CVSS6.2AI score0.01125EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago18 views

WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF

FluentCRM WordPress plugin = 2.9.87 contains a blind server-side request forgery caused by improper validation of the 'SubscribeURL' parameter, letting unauthenticated attackers make arbitrary web requests, exploit requires unconfigured SES bounce handling key. id: CVE-2026-7798 info: name:...

5.4CVSS6.2AI score0.00645EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago15 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago18 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs. id: CVE-2024-10908 info: name: FastChat - Open Redirect author: DhiyaneshDK severity: medium description: | Detects an open redirect vulnerability in lm-sys/fastch...

6.1CVSS6.4AI score0.0077EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago12 views

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...

5.3CVSS6.1AI score0.01114EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago75 views

WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request id: CVE-2022-1595 info: name: WordPress HC Custom WP-Admin URL =1.5 to mitigate the vulnerability. reference: -...

5.3CVSS6.2AI score0.02621EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago67 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.5AI score0.03521EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago110 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.2AI score0.28961EPSS
Exploits6References5
Nuclei
Nuclei
added 14 hours ago188 views

XWiki >= 6.2-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02377EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago99 views

Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)

It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attacker’s JavaScript code in the context of the victim’s browser. If the Calibre server is running with...

6.1CVSS6.3AI score0.2406EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago107 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the dataredirecturl parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-43325 info: name: MooSocial 3.1.8 - Cross-Sit...

6.1CVSS6.4AI score0.01857EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago21 views

WP Dream Carousel < 1.0.1b - Cross-Site Scripting

WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.2AI score0.00567EPSS
Exploits1References2
Circl
Circl
added 14 hours ago5 views

CVE-2026-11567

creationtimestamp| type| source ---|---|--- 2026-07-14 06:39:52+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqllwpvip62s 2026-07-14 09:23:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlv2n25xx27...

5.9CVSS6.1AI score
Exploits0References2
Circl
Circl
added 14 hours ago5 views

CVE-2026-15669

creationtimestamp| type| source ---|---|--- 2026-07-14 06:38:25+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqllu4jrw32u 2026-07-14 09:50:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlwkujr2s2w...

5.3CVSS6.2AI score
Exploits0References2
Circl
Circl
added 15 hours ago7 views

CVE-2026-15628

creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...

6.5CVSS6.6AI score
Exploits0References1
Rows per page
Query Builder