Lucene search
K

277 matches found

Nuclei
Nuclei
added 10 hours ago74 views

ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting

ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. id: CVE-2022-24681 info: name: ManageEngine ADSelfService Plus 6121 - Stored Cross-Site...

6.1CVSS6.4AI score0.03619EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2819 gnome-tour security update

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...

5.1CVSS5.9AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2817 gnome-tour security update

A guided tour and greeter for GNOME.Tour uses by default the logo of the distribution based on the info from /etc/os-release. The application comes with a feature to replace the logo with a welcome video shipped by the distribution. Security Fixes: slab is a pre-allocated storage for a uniform da...

5.1CVSS5.9AI score0.00167EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/24 8:55 a.m.10 views

WordPress Welcome Software Publishing plugin <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability

Authenticated Subscriber+ Arbitrary Options Update to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Welcome Software Publishing versions = 0.0.31...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-4297

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS0.00463EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-4297 Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS0.00463EPSS
Exploits0References9
CVE
CVE
added 2026/06/24 5:33 a.m.10 views

CVE-2026-4297

The CVE concerns the Welcome Software Publishing WordPress plugin (

8.8CVSS5.8AI score0.00463EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51677

Name of the Vulnerable Software and Affected Versions Welcome Software Publishing versions prior to 0.0.32 Description The plugin is subject to an Arbitrary Options Update issue caused by a missing capability check in the nc setOption function, which is exposed through the 'nc.setOption' XML-RPC...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS3.6AI score0.00302EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: plasma-welcome-6.6.4-1.fc44

A Friendly onboarding wizard for Plasma...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/13 6:30 p.m.5 views

EUVD-2026-21982

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References6
NVD
NVD
added 2026/04/13 4:16 p.m.5 views

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS0.00302EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/13 3:0 p.m.8 views

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 3:0 p.m.33 views

CVE-2026-6184 code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS0.00302EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/13 3:0 p.m.3 views

CVE-2026-6184 code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References5
CVE
CVE
added 2026/04/13 3:0 p.m.19 views

CVE-2026-6184

The vulnerability CVE-2026-6184 affects code-projects Simple Content Management System 1.0. A weakness exists in an unknown part of /web/admin/welcome.php where manipulating the argument News Title can result in cross-site scripting. Exploitation can be performed remotely, and public exploits are...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32378

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

4.8CVSS4.2AI score0.00302EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/03/31 11:2 p.m.6 views

nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)

nautobot PYPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...

4.3CVSS5.8AI score0.00245EPSS
Exploits0
CVE
CVE
added 2026/02/19 4:36 a.m.28 views

CVE-2026-1055

CVE-2026-1055 relates to the TalkJS WordPress plugin and is a stored XSS vulnerability in admin settings (notably the welcomeMessage parameter) present in versions up to 0.1.15. Exploitation requires administrator-level access and affects multi-site installs or sites with unfiltered_html disabled...

4.4CVSS5.7AI score0.00203EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/18 8:19 a.m.10 views

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Welcome Screen Fields vulnerability discovered by zer0gh0st in WordPress Plugin FluentForm versions = 5.1.19...

5.4CVSS5.5AI score0.00322EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder