Skip to main content
CVE-2021-47946 MEDIUM POC This Month

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Authentication Bypass Opencart
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-50956 MEDIUM POC This Month

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-50954 MEDIUM POC This Month

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress LFI PHP Path Traversal
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8244 MEDIUM POC This Month

Improper authentication in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated remote attackers to bypass login authentication by manipulating the clientVersion argument in the Login RMI Interface component. The vulnerability enables unauthorized access to the ERP system without valid credentials. Publicly available exploit code exists and the vendor has not responded to disclosure attempts.

Authentication Bypass Canias Erp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8226 MEDIUM POC This Month

Denial of service vulnerability in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the service by triggering improper exception handling in the ogs_pcc_rule_install_flow_from_media function within the PCC rule processing library. Publicly available exploit code exists, and the project maintainers have not responded to the early notification despite issue tracking.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8225 MEDIUM POC This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) service by sending crafted requests to the delete endpoint in the SM policy control handler (pcf_npcf_smpolicycontrol_handle_delete). The vulnerability has a publicly available proof of concept and impacts the availability of 5G network policy enforcement, though the vendor has not yet released a patch despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8241 MEDIUM POC This Month

Improper authorization in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated remote attackers to obtain sensitive information via the iasGetServerInfoEvent function in the RMI Interface. The vulnerability has a publicly available exploit and CVSS score of 5.3 (medium severity) with confidentiality impact but no integrity or availability impact. The vendor did not respond to early disclosure.

Authentication Bypass Canias Erp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2021-47953 MEDIUM POC This Month

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opencart
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2022-50955 MEDIUM POC This Month

WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP CSRF
NVD Exploit-DB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2022-50943 MEDIUM POC This Month

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50959 MEDIUM POC This Month

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50958 MEDIUM POC This Month

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2022-50957 MEDIUM POC This Month

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avatar Uploader
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-47931 MEDIUM POC This Month

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Exponent Cms
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-47924 MEDIUM POC This Month

Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP RCE
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50945 MEDIUM POC This Month

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50969 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50968 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50967 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50966 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50965 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50964 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50963 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50962 MEDIUM POC This Month

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ubidauction
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47947 MEDIUM POC This Month

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47929 MEDIUM POC This Month

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filterable Portfolio Gallery
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47927 MEDIUM POC This Month

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47925 MEDIUM POC This Month

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cmdbuild
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47922 MEDIUM POC This Month

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slider By Soliloquy
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47910 MEDIUM POC This Month

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accesspress Social Icons
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50947 MEDIUM POC This Month

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47951 MEDIUM POC This Month

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47950 MEDIUM POC This Month

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47926 MEDIUM POC This Month

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Contact Form To Email
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47907 MEDIUM POC This Month

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Lms
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50970 MEDIUM POC This Month

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50961 MEDIUM POC This Month

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50960 MEDIUM POC This Month

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50949 MEDIUM POC This Month

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50948 MEDIUM POC This Month

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Motopress Hotel Booking Lite
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-50946 MEDIUM POC This Month

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47948 MEDIUM POC This Month

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-8216 MEDIUM This Month

Improper authentication in IAS Canias ERP 8.03 allows remote unauthenticated attackers to bypass authentication via the iasServerRemoteInterface.doAction function in the Java RMI Session Management component, granting unauthorized access to ERP functionality without valid credentials. CVSS 6.9 indicates moderate severity with low confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Java
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-8243 MEDIUM This Month

Hard-coded cryptographic key in Canias ERP 8.03 JNLP Deployment Endpoint allows unauthenticated remote attackers to obtain sensitive information through manipulation of the affected component. The vulnerability affects the Java Network Launch Protocol deployment mechanism, enabling key discovery and potential decryption of encrypted communications. No vendor patch has been released despite early disclosure notification.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45191 MEDIUM PATCH This Month

Net::CIDR::Lite before version 0.24 accepts CIDR mask values with extraneous leading zeros (such as '/00' or '/01'), causing them to parse identically to their unpadded equivalents ('/0' or '/1'). This permits attackers to bypass IP-based access control lists by supplying alternate representations of the same network prefix, potentially granting unauthorized access to restricted resources. The vulnerability affects all Perl installations using vulnerable versions of this library and is rated with CVSS 6.5 (moderate integrity and availability impact). No active exploitation has been confirmed by CISA, but the flaw is automatable and exploitable remotely without authentication.

Authentication Bypass Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45190 MEDIUM PATCH This Month

Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing attackers to bypass IP-based access control lists by supplying malformed addresses that are re-encoded differently by the parser. Inputs with trailing newlines or non-ASCII digit characters pass validation but resolve to unintended IP addresses, causing find() and bin_find() functions to incorrectly match or miss addresses. This affects network security controls that rely on CIDR matching for authorization decisions.

Authentication Bypass Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7263 MEDIUM PATCH This Month

The DOMNode::C14N() method in PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6 incorrectly processes XML data, creating circular linked lists in the document structure that trigger infinite loops during subsequent XML processing, causing denial of service. Unauthenticated remote attackers can trigger this by submitting malformed XML to applications using affected PHP versions, though attack complexity is noted as present in the CVSS vector.

Denial Of Service PHP
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-6104 MEDIUM PATCH This Month

Out-of-bounds read in PHP's mbstring extension allows remote attackers to trigger information disclosure or denial of service via specially crafted encoding names containing NUL bytes passed to mb_convert_encoding() and related functions. Affected versions: PHP 8.4.0-8.4.20 and 8.5.0-8.5.5. The vulnerability stems from unsafe string length comparison logic that misinterprets strncasecmp() return values when NUL bytes are present, potentially exposing global memory contents or crashing the application. No public exploit code identified at time of analysis.

PHP Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-8214 MEDIUM This Month

Authentication bypass in IAS Canias ERP 8.03 RMI Interface allows remote attackers to manipulate the sessionId parameter in the doAction function, circumventing authentication controls without requiring credentials or user interaction. Publicly available exploit code exists, and the vendor has not responded to disclosure efforts, leaving affected deployments without an official patch.

Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8215 MEDIUM This Month

Remote path traversal in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated network attackers to read arbitrary files by manipulating the m_strSourceFileName argument in the iasRequestFileEvent function of the RMI Interface. The vulnerability has been publicly disclosed with proof-of-concept code available, and the vendor has not responded to early disclosure notification.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy