4139 matches found
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting
Lyrion Music Server 9.2.0 contains a reflected XSS caused by improper sanitization of the search parameter in the server.log endpoint, letting unauthenticated attackers execute arbitrary script in users' browsers. id: CVE-2026-50230 info: name: Lyrion Music Server = 9.2.0 - Cross-Site Scripting...
Python Flask-Security-Too <=5.3.2 - Open Redirect
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...
Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting
Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...
Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...
News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...
ionCube Tester Plus <= 1.3 - Local File Inclusion
The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...
LatePoint <= 5.0.11 - SQL Injection
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
A5 Custom Login Page - Reflected XSS
A5 Custom Login Page WordPress plugin v2.8.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires a crafted URL or...
LifterLMS < 8.0.1 - Cross-Site Scripting
LifterLMS WordPress plugin before 8.0.1 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin via a crafted request. id: CVE-2024-13619 info: name: LifterLMS 8.0.1 - Cross-Site Scripting author:...
Privacy Policy Genius - Cross-Site Scripting
Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13219...
Astro SSR - Open Redirect
Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...
Heimdall Application Dashboard < 2.7.3 - Reflected XSS
LinuxServer.io Heimdall 2.7.3 contains a stored XSS caused by improper sanitization of the "q" parameter, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2025-54597 info: name: Heimdall Application Dashboard 2.7.3 - Reflected XSS author: 0xAkoko severity: medium...
Pinger 1.0 - Remote Code Execution
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...
VvvebJs <= 2.0.5 - Cross-Site Scripting
Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...
Vite dev server - Cross-Site Scripting
Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...
Stirling-PDF < 1.1.0 - Server-Side Request Forgery
Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...
Blesta <= 5.13.1 - Cross-Site Scripting
Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system, exploit requires unspecified conditions. id: CVE-2026-25616 info: name: Blesta = 5.13.1 - Cross-Site Scripting author: 0xAkoko severity:...
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting
DokuWiki 2025-05-14a 'Librarian' contains a stored XSS caused by improper sanitization of the 'q' parameter, letting remote attackers execute arbitrary scripts, exploit requires no special privileges. id: CVE-2025-61224 info: name: DokuWiki = 2025-05-14a Librarian - Reflected Cross-Site Scripting...
LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery
LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...
MajorDoMo - Unauthenticated RCE
MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...
Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function. id: CVE-2021-45027 info: name: Oliver 5 Library Server 8.00.008.053 - Local File Inclusion author: gy741 severity: high description: Oliver 5 Library Server versions prior t...
CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. id: CVE-2024-31839 info: name: CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting author: riteshs4hu severity:...
WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
ChanCMS <= 3.1. - Remote Code Execution
yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...
Course Booking System <= 6.0.6 - SQL Injection
The Course Booking System plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
Studiocart <= 2.9.0 - Cross-Site Scripting
The Studiocart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if the...
WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...
PropertyHive < 2.1.1 - Cross-Site Scripting
The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'phmessage' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress File Manager < 3.0 - Cross-Site Scripting
WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting XSS via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. id: CVE-2018-16363 info: name: WordPress File Manager 3...
Dify - User Enumeration via "Account not found" Message
A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as "accountnotfound" or "Account not found.", allowi...
XWiki – Stored Cross-Site Scripting (XSS)
XWiki through version 17.3.0 contains stored cross-site scripting caused by improper sanitization of inputs in the Administration interface's Presentation section, letting authenticated administrators inject JavaScript that executes in visitors' browsers, exploit requires administrator...
WeiPHP 5.0 - Path Traversal
WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/downloadimgage, letting unauthenticated remote attackers read arbitrary files. id: CVE-2025-34045 info: name: WeiPHP 5.0 - Path Traversal author: pikpikcu...
XWiki REST API - Attachments Disclosure
A vulnerability in XWiki's REST API allows unauthenticated users to access attachments list and metadata through the attachments endpoint. This could lead to disclosure of sensitive information stored in attachments metadata. id: CVE-2025-46554 info: name: XWiki REST API - Attachments Disclosure...
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...
SmarterTools SmarterMail - Admin Password Reset
Detected a SmartMail admin password reset vulnerability by sending a POST request to the /api/v1/auth/force-reset-password endpoint, indicating that administrative password resets could potentially be triggered without proper authorization. id: CVE-2026-23760 info: name: SmarterTools SmarterMail ...
Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
XWiki XML View - Sensitive Information Exposure
A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template. id:...
EventON Lite <= 2.4 - Authenticated Local File Inclusion
Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...
SiYuan <= v3.5.9 - Cross Site Scripting
SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...
WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion
Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...
Letta Letta 0.7.12 - Remote Code Execution
Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.restapi.routers.v1.tools.runtoolfromsource, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code. id: CVE-2025-51482 info: name: Letta Letta 0.7.12 - Remote Code...
WP Extended < 3.0.0 - Stored Cross-Site Scripting
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting
Competition Form WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a...
WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting
Stray Random Quotes WordPress plugin = 1.9.9 contains a reflected cross-site scripting caused by a lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL...
LatePoint <= 5.0.12 - Authentication Bypass
LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...
WordPress 1 Click Migration Plugin < 2.3 - Information Exposure
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...
Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...
Cost Calculator Builder <= 3.2.15 - SQL Injection
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...