Lucene search
K

3910 matches found

Nuclei
Nuclei
added yesterday40 views

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6.3AI score0.03237EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday65 views

WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

6.1CVSS6.3AI score0.01975EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday37 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS6.7AI score0.03766EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday67 views

Webkul QloApps 1.6.0 - Cross-site Scripting

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. id: CVE-2023-36287 info: name: Webkul QloApps 1.6.0 - Cross-site Scripting author: theamanrawa...

6.1CVSS6.4AI score0.01199EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday40 views

LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header

danny-avila/librechat 0.7.9 contains a stored XSS caused by improper sanitization of the Accept-Language header, letting logged-in users inject arbitrary HTML into the html lang= tag, exploit requires user to be logged in. id: CVE-2025-8848 info: name: LibreChat marker"...

5.4CVSS6.2AI score0.00423EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday19 views

Episerver 7 - Blind XML External Entity Injection

Episerver 7 patch 4 and earlier contains an XML external entity XXE caused by processing crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files, exploit requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...

7.5CVSS7.1AI score0.04648EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday87 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.4AI score0.00816EPSS
Exploits1References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-48320 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...

8.5CVSS0.0375EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-48253

CVE-2026-48253 affects Adobe Experience Manager and describes a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could cause malicious JavaScript to execute in the victim’s browser by manipulating the DOM; exploitation requires user interaction (the victim visits a crafted page). T...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-15596

SourceCodester Class and Exam Timetabling System 1.0 is affected by a cross-site scripting flaw in the /subject.php file where manipulating the subject argument enables XSS. The vulnerability can be exploited remotely and public exploits exist. No specific vendor patch/version remediation is deta...

5.3CVSS4.7AI score0.00347EPSS
Exploits0References6
NVD
NVD
added 3 days ago3 views

CVE-2026-57394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through = 4.14...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-57365

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago145 views

WAVLINK WN530H4 live_api.cgi - Command Injection

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 liveapi.cgi - Command Injection author...

10CVSS7.3AI score0.7465EPSS
Exploits0References4
OSV
OSV
added 6 days ago4 views

CVE-2026-15085 AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS6.1AI score0.00274EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 1:51 p.m.9 views

CVE-2026-60092

The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/05 12:0 p.m.15 views

CVE-2026-14747

The CVE-2026-14747 entry concerns code-projects Real State Services 1.0. The vulnerability targets an unspecified functionality of /addprojectsale.php, where manipulation of the amen parameter leads to an SQL injection. It is described as exploitable remotely and classified with a CVSS impact pro...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 10:16 p.m.9 views

CVE-2026-14656

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...

5.3CVSS0.00443EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.11 views

PT-2026-55689

Name of the Vulnerable Software and Affected Versions jairiidriss restaurant-website-php-mysql versions up to 521428b5b612449df0cf4a5d15ee40cba67f3d35 Description A missing authentication flaw exists in the AJAX Endpoint component. A remote attacker can manipulate the '/admin/ajax files' endpoint...

7.5CVSS7.1AI score0.00517EPSS
Exploits0References9
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-58028

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

5.4CVSS0.00267EPSS
Exploits0References1
Rows per page
Query Builder