Lucene search
K

417 matches found

Nuclei
Nuclei
added 14 hours ago48 views

Securepoint UTM - Leaking Remote Memory Contents

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.5CVSS6.8AI score0.04074EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago35 views

SecurePoint UTM 12.x Session ID Leak

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. id:...

7.5CVSS7AI score0.03888EPSS
Exploits4References5
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.32 views

CVE-2026-57351 WordPress HandL UTM Grabber plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...

7.1CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57351

Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.19 views

CVE-2026-57351

CVE-2026-57351 affects the WordPress plugin HandL UTM Grabber up to version 2.9.2, with an unauthenticated XSS vulnerability. The connected documents provide the vulnerability type and affected software but do not supply root cause specifics, exploit details, or a remediation. CVSS data (3.1) fro...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56026

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.8 views

CVE-2026-56026

The WordPress utm.codes plugin (versions

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/23 12:8 p.m.5 views

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin utm.codes versions = 1.9.0...

6.4CVSS5.8AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:21 a.m.7 views

WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'utmsource' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.4...

7.2CVSS5.8AI score0.00476EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/17 1:24 a.m.7 views

EUVD-2026-23342

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.6 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

7.8CVSS6.7AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.8 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

8.8CVSS7.2AI score0.0091EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/15 6:6 p.m.12 views

WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions = 2.8.0...

7.1CVSS6.1AI score0.00147EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/11 6:3 a.m.24 views

CVE-2025-13073

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 6:3 a.m.20 views

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00147EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 6:30 a.m.6 views

EUVD-2025-202398

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.6AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 6:15 a.m.5 views

CVE-2025-13073

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 6:0 a.m.35 views

CVE-2025-13073 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via handl_landing_page

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00147EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 6:0 a.m.19 views

CVE-2025-13073

CVE-2025-13073 refers to the HandL UTM Grabber / Tracker WordPress plugin (versions before 2.8.1). The issue is a Reflected Cross‑Site Scripting flaw where a parameter is output without proper sanitization/escaping, enabling an attacker to potentially affect high‑privilege users (e.g., admin). Af...

7.1CVSS5.7AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 6:0 a.m.2 views

CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.7AI score0.00147EPSS
Exploits0References1
Rows per page
Query Builder