4136 matches found
Payara Server - Cross-Site Scripting
Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...
Letta Letta 0.7.12 - Remote Code Execution
Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.restapi.routers.v1.tools.runtoolfromsource, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code. id: CVE-2025-51482 info: name: Letta Letta 0.7.12 - Remote Code...
Python Flask-Security-Too <=5.3.2 - Open Redirect
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...
WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting
Stray Random Quotes WordPress plugin = 1.9.9 contains a reflected cross-site scripting caused by a lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL...
WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting
Competition Form WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a...
WP Travel Engine <= 5.7.9 - SQL Injection
WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...
Mitel 6000 - OS Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...
WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion
The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files, exploit requires attacker to have contributor ...
ChanCMS <= 3.1. - Remote Code Execution
yanyutao0402 ChanCMS = 3.1.2 contains an insecure deserialization caused by manipulation of the "targetUrl" argument in getArticle function of app/modules/cms/controller/collect.js, letting remote attackers execute arbitrary code, exploit requires crafted input. id: CVE-2025-8266 info: name:...
Studiocart <= 2.9.0 - Cross-Site Scripting
The Studiocart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if the...
Avigilon ACM - Host Header Injection
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...
DAEnetIP4 METO v1.25 - Session Hijacking
DAEnetIP4 METO v1.25 contains improper session management in the /loginok.htm endpoint, letting attackers hijack sessions, exploit requires attacker to control or intercept session tokens. id: CVE-2025-28242 info: name: DAEnetIP4 METO v1.25 - Session Hijacking author: 0xAkoko severity: high...
YesWiki <= 4.5.1 - Cross-Site Scripting
YesWiki alertdocument.domain","YesWiki"' - 'statuscode == 200' - 'containscontenttype, "text/html"' condition: and digest: 4a0a0047304502200362ca1190c63e21f2923bf08de7cb7da7b574446b257e6007dfd76d97c7ed0b02210097168371a37ae69e386417974c7fa650ac4099a59a65f245bd361ac61d391a41:922c64590222798b...
Open Redirect via Organization Switching
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL id: CVE-2025-6197 info:...
YesWiki Reflected XSS via File Upload
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...
WordPress WPCOM Member <= 1.7.6 - SQL Injection
WPCOM Member plugin for WordPress up to 1.7.6 contains a time-based SQL Injection caused by insufficient escaping and lack of preparation on the 'userphone' parameter, letting unauthenticated attackers extract sensitive information, exploit requires sending crafted 'userphone' parameter. id:...
OneUptime < 10.0.21 - Path Traversal
OneUptime 10.0.21 contains a path traversal caused by unsanitized componentName parameter in /workflow/docs/:componentName endpoint, letting unauthenticated attackers read arbitrary files from the server filesystem. id: CVE-2026-30958 info: name: OneUptime 10.0.21 - Path Traversal author:...
LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write
LeadConnector WordPress plugin 3.0.22 contains a broken access control caused by missing authorization in a REST route, letting unauthenticated attackers overwrite existing data remotely, exploit requires no authentication. id: CVE-2026-1890 info: name: LeadConnector 3.0.22 - Unauthenticated...
Campaign Monitor for WordPress - Information Disclosure
Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled displayerrors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires displayerrors to be...
Gogs < 0.14.3 - Unauthenticated Organization Teams Disclosure
Gogs before version 0.14.3 contains an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint returns all teams for any organization without requiring authentication. The route group lacks the reqToken middleware, exposing team IDs, names, descriptions,...
SiYuan <= v3.5.9 - Cross Site Scripting
SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...
Xerte Online Toolkits <= 3.15 - Remote Code Execution
Xerte Online Toolkits versions 3.15 and earlier expose the elFinder file manager connector at /editor/elfinder/php/connector.php without authentication CVE-2026-34413, because the access-control redirect for unauthenticated users does not call exit/die and execution continues server-side. This is...
EventON Lite <= 2.4 - Authenticated Local File Inclusion
Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...
OWL Carousel Slider - Cross-Site Scripting
OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13627 info:...
WordPress Google Map Professional - Cross-Site Scripting
WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...
WP Extended < 3.0.0 - Stored Cross-Site Scripting
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
Dashy <= 4.3.6 - Reflected XSS via Workspace
Dashy versions up to 4.3.6 contain a reflected cross-site scripting vulnerability in the workspace view. The url query parameter is passed directly to an iframe src attribute without scheme validation, allowing an attacker to inject javascript: URIs that execute arbitrary JavaScript in the contex...
FUXA 1.3.0 - Unauthenticated ICS/SCADA Project Data Disclosure
FUXA v1.3.0 exposes full SCADA/HMI project configuration via GET /api/project without authentication, even when secureEnabled is true. The secureFnc middleware auto-generates a valid guest JWT when no token is provided, bypassing authentication. Exposed data includes server-side scripts, device...
AVideo <= 26.0 - WWBN AVideo - Remote Code Execution
WWBN AVideo = 26.0 contains multiple vulnerabilities in the CloneSite plugin including unauthenticated exposure of clone secret keys and OS command injection in rsync command construction, letting unauthenticated attackers achieve remote code execution. id: CVE-2026-33478 info: name: AVideo = 26....
WordPress The Wound Theme <= 0.0.1 - Local File Inclusion
The-wound WordPress theme through 0.0.1 contains a local file inclusion caused by insufficient validation of parameters used to generate paths passed to include functions, letting unauthenticated users perform LFI attacks and download arbitrary files from the server. id: CVE-2025-2558 info: name:...
Adobe Experience Manager Forms - Insecure Deserialization
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...
Securden Unified PAM - Authentication Bypass
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM. id: CVE-2025-53118 info: name: Securden Unified PAM -...
PowerJob List - Authorization Bypass
PowerJob = 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges. id: CVE-2025-11580 info: name: PowerJob List - Authorization Bypass author: DhiyaneshDk severit...
Progress ADC LoadMaster - Command Injection
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints id: CVE-2026-8037 info: name: Progress ADC LoadMaste...
Spring Framework Path Traversal in Functional Web Frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
phpBB < 3.3.17 - Authentication Bypass
phpBB before 3.3.17 contains an authentication bypass vulnerability in the login-link feature. By setting the authprovider query parameter to "apache", an unauthenticated attacker can bypass password verification and log in as any user, including administrators. The Apache auth provider trusts th...