Lucene search
+L

307 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-57768

Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...

8.2CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57768 WordPress Houzez Login Register plugin <= 3.3.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...

8.2CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-57768

CVE-2026-57768 impacts the WordPress plugin Houzez Login Register (versions

8.2CVSS6.1AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/07/11 5:16 a.m.9 views

CVE-2026-7559

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: maven-shared-utils (UTSA-2026-016689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016689 advisory. In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection...

9.8CVSS5.8AI score0.04298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.14 views

PT-2026-41315

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.3.2 Description LibJWT accepts an RSA JSON Web Key JWK lacking an alg parameter as the verification key for HS256, HS384, or HS512 tokens. When using the OpenSSL backend, this results in HMAC verification...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/11 3:49 p.m.20 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (CUDA)

Red Hat AI Inference Server 3.3.3 CUDA is now available. Red Hat® AI Inference Server...

9.8CVSS7.3AI score0.0218EPSS
Exploits4References16
RedHat Linux
RedHat Linux
added 2026/05/11 2:14 p.m.19 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.3.3 (ROCm)

Red Hat AI Inference Server 3.3.3 ROCm is now available. Red Hat® AI Inference Server...

9.8CVSS7.3AI score0.0218EPSS
Exploits7References24
RedHat Linux
RedHat Linux
added 2026/05/11 2:12 p.m.20 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.3 (CUDA)

Red Hat AI Inference Server Model Optimization Tools 3.3.3 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...

9.8CVSS7.3AI score0.0218EPSS
Exploits5References22
CBLMariner
CBLMariner
added 2026/04/23 8:30 p.m.6 views

CVE-2026-1669 affecting package keras for versions less than 3.3.3-7

CVE-2026-1669 affecting package keras for versions less than 3.3.3-7. A patched version of the package is available...

7.5CVSS5.3AI score0.00298EPSS
Exploits0
NVD
NVD
added 2026/04/23 4:16 p.m.7 views

CVE-2026-41238

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype...

6.9CVSS0.00225EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 10:3 a.m.6 views

Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2025-15599, CVE-2026-0540)

Summary Two cross-site scripting XSS vulnerabilities CVE-2025-15599 and CVE-2026-0540 were identified in the DOMPurify library versions 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8. These vulnerabilities allow attackers to bypass attribute sanitization by exploiting missing rawtext element...

6.1CVSS5.7AI score0.0034EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS...

6.9CVSS5.1AI score0.00225EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 12:46 a.m.13 views

GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...

5.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/01 9:34 a.m.22 views

CLEANSTART-2026-SY28275 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 3.3.2-r0, 3.3.3-r3, 3.3.3-r4, 3.4.2-r0

Multiple security vulnerabilities affect the kyverno-policy-reporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References23
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2024-50452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through = 3.3.3...

6.5CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.28 views

CVE-2024-50452 WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through = 3.3.3...

6.5CVSS0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21027

Name of the Vulnerable Software and Affected Versions POSIMYTH Nexter Blocks the-plus-addons-for-block-editor versions through 3.3.3 Description The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means...

5.3AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/02/12 12:0 a.m.3 views

OPENSUSE-SU-2026:10187-1 haproxy-3.3.3+git0.465d8e2fc-1.1 on GA media

These are all security issues fixed in the haproxy-3.3.3+git0.465d8e2fc-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005312 advisory. REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The...

7.5CVSS8.4AI score0.01192EPSS
Exploits0References4
Rows per page
Query Builder