Lucene search
K

2784 matches found

CVE
CVE
added 11 hours ago11 views

CVE-2026-14482

The CVE-2026-14482 entry covers the WordPress plugin “多说社会化评论框” (

8.8CVSS6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 12:41 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl-fips-provider: openssl-fips-provider-3.0.7-1.2.hum1 aarch64, x8664 openssl-fips-provider-so-3.0.7-1.2.hum1 aarch64, x8664 openssl-fips-provider-3.0.7-1.2.hum1.src src...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 8:3 a.m.16 views

ROOT-APP-MAVEN-CVE-2026-34479 CVE-2026-34479 in io.root.org.apache.logging.log4j:log4j-1.2-api - Patched by Root

Root has patched CVE-2026-34479 in the io.root.org.apache.logging.log4j:log4j-1.2-api package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00535EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the Map1toN function within the video/SDLpixels.c file...

8.8CVSS6.9AI score0.02959EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-40751

Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...

8.1CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-39578

Unauthenticated PHP Object Injection in Valiance = 1.2 versions...

5.5CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.22 views

CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...

8.1CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.16 views

CVE-2026-40751

CVE-2026-40751 affects WordPress Theme Ashtanga versions

8.1CVSS5.3AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2026-39578 WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance = 1.2 versions...

5.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2026-39578

CVE-2026-39578 refers to an unauthenticated PHP Object Injection in WordPress Theme Valiance versions

5.5CVSS5.3AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.11 views

CVE-2026-8883

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.32 views

CVE-2026-8883 Global Body Mass Index Calculator <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes in the...

6.4CVSS0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

WordPress plugin Global Body Mass Index Calculator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7659

The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.8 views

CVE-2026-1677

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

5.3CVSS5.4AI score0.00197EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 2:16 p.m.14 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 10:50 p.m.12 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 5:30 a.m.37 views

CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 5:30 a.m.14 views

CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder