Lucene search
K

14259 matches found

Nuclei
Nuclei
added 18 hours ago72 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content. id: CVE-2022-42096 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS6AI score0.0196EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago79 views

WWBN AVideo 11.6 - Cross-Site Scripting

A reflected XSS vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff, allowing arbitrary Javascript execution. id: CVE-2023-48728 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: ritikchaddha severity: medium...

9.6CVSS6.8AI score0.02268EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago69 views

IBAX - SQL Injection

IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute...

8.8CVSS7AI score0.02241EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago107 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteinquiry. id: CVE-2022-31978 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to...

9.8CVSS7.1AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago76 views

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.3AI score0.0215EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago68 views

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

9.8CVSS7.1AI score0.5177EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago109 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.8AI score0.13751EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago55 views

WordPress AnyComment <0.3.5 - Open Redirect

WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...

6.1CVSS6.4AI score0.02208EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago236 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input id: CVE-2024-41667 info: name: OpenAM=15.0.3 FreeMarker - Template Injection...

8.8CVSS7AI score0.03536EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago17 views

Push Notification for Post and BuddyPress <= 1.93 - SQL Injection

Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignalexternalid' and 'onesignalgetsubscriptionoptionsid' paramters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficie...

9.8CVSS6.1AI score0.02491EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago18 views

Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

6.1CVSS6.3AI score0.00626EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56661

Name of the Vulnerable Software and Affected Versions Location Selector versions 0.0.0 through 1.3.0 Description An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize value...

6.1AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1474 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References11
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-21384

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS0.00056EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.11 views

CVE-2026-21384

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS6AI score0.00056EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:9 p.m.10 views

EUVD-2026-41931

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS6AI score0.00056EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.12 views

CVE-2026-21384

CVE-2026-21384 describes a memory corruption vulnerability in a camera driver where updating prepared commands with invalid port indices (driven by user-space input) can exceed read client limits, causing an out-of-bounds write. The issue is tied to a local attack vector with high complexity and ...

5.3CVSS6AI score0.00056EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-55993

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when updating prepared commands using invalid port indices derived from user space input that exceed the supported read client limits. Recommendations At...

5.3CVSS6.1AI score0.00056EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 2:51 p.m.34 views

CVE-2026-58037 Core log entries for exceptions and XSS issues in log entry formatting code that may be caused by user-controlled input

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

0.00228EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/01 6:9 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of user-supplied input in the map format. An attacker can execute arbitrary JavaScript code in the context of users viewing affected pages by injecting malicious payloads. Details Cross-sit...

8.3CVSS5.8AI score0.00134EPSS
Exploits0References2
Rows per page
Query Builder