Lucene search
K

20229 matches found

RedhatCVE
RedhatCVE
added 2026/07/01 3:46 p.m.8 views

CVE-2026-58031

A flaw was found in Wikimedia Foundation MediaWiki. This vulnerability, categorized as an Improper Neutralization of Input During Web Page Generation Cross-site Scripting or XSS, allows a remote attacker to inject malicious scripts into web pages. When a user views an affected page, the attacker'...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:32 a.m.7 views

CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'name' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References15
CVE
CVE
added 2026/07/01 7:53 a.m.19 views

CVE-2026-13733

The CVE-2026-13733 entry affects the WordPress Download Manager plugin (versions up to 3.3.60). A Stored Cross-Site Scripting flaw exists in the no_data_msg shortcode attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level a...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.8 views

CVE-2026-2387

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:32 a.m.7 views

EUVD-2026-40902

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 3:43 a.m.9 views

EUVD-2026-40889

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS5.9AI score0.00524EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40834

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00145EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40770

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40689

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40688

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40634

Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40522

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40498

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6AI score0.00184EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted...

6.1CVSS6.2AI score0.00171EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTM...

6.1CVSS6.3AI score0.0022EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to...

4.7CVSS6.3AI score0.00184EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-14147

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS6AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14145

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS6AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14068

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS0.00182EPSS
Exploits0References2
Rows per page
Query Builder