Lucene search
K

175 matches found

Nuclei
Nuclei
added yesterday17 views

Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.2.5 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-43971...

7.1CVSS5.8AI score0.00593EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36767

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.6AI score0.00412EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.11 views

Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/30 6:30 p.m.6 views

GHSA-F5W4-7CCJ-5M75 Shopizer has a path traversal issue

A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.9AI score0.00412EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.16 views

Shopizer has a path traversal issue

A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.9AI score0.00412EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/30 12:0 a.m.3 views

EUVD-2026-26406

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4CVSS5.3AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26401

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...

10CVSS5.5AI score0.00412EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.31 views

CVE-2026-36766

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.11 views

CVE-2026-36766

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4CVSS5.3AI score0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

Shopizer 跨站脚本漏洞

Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a cross-site scripting vulnerability. This vulnerability stems from the XssHttpServletRequestWrapper class, which has multiple authenticated cross-site scripting...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 12:0 a.m.14 views

CVE-2026-36767

shopizer 3.2.5 is affected by a path traversal vulnerability in the /content/images/add endpoint that allows an attacker to write arbitrary files to any writable path via a crafted POST request. This is a high-impact issue (CVSS v3.1: 10.0, critical, network access, no authentication, user intera...

10CVSS5.6AI score0.00412EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.4 views

CVE-2026-28042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through = 3.2.5...

7.1CVSS0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

WordPress plugin Listify 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 6:45 p.m.3 views

CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5CVSS5.5AI score0.00665EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...

7.5CVSS6.4AI score0.00665EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.2 views

CVE-2025-59009

Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...

4.3CVSS6.9AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.25 views

CVE-2025-59009 WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...

4.3CVSS0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.2 views

CVE-2025-59009 WordPress Listify theme <= 3.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through = 3.2.5...

4.3CVSS6.5AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.6 views

CVE-2025-59009

CVE-2025-59009 is a CSRF vulnerability in the WordPress theme Listify (Astoundify Listify) up to version 3.2.5. The connected sources describe the issue as an insufficient protection against forged requests originating from malicious sites, enabling actions on behalf of authenticated users. The i...

4.3CVSS6.5AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.3 views

WordPress plugin Listify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.6AI score0.00107EPSS
Exploits0References1
Rows per page
Query Builder