Lucene search
+L

70 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2026-34924

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 12:16 a.m.10 views

CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS0.00188EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.9 views

CVE-2026-8893 Express Payment For Stripe <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/05 10:34 a.m.13 views

WordPress Express Payment For Stripe plugin <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stripe Express versions = 1.28.0...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.17 views

PT-2026-47071

Name of the Vulnerable Software and Affected Versions Express Payment For Stripe versions prior to 1.28.1 Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. The issue occurs within the register shortcode...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:38 p.m.7 views

CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

8.4CVSS6.1AI score0.00119EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/28 7:16 a.m.6 views

CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

6.1CVSS5.4AI score0.00238EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/28 6:0 a.m.5 views

CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

6.1CVSS4.2AI score0.00238EPSS
Exploits1
Fedora
Fedora
added 2026/04/25 1:56 a.m.7 views

[SECURITY] Fedora 44 Update: micropython-1.28.0-1.fc44

Implementation of Python 3 with very low memory footprint...

7.8CVSS5AI score0.00395EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.13 views

Fedora 44 : micropython (2026-52a9a687f0)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-52a9a687f0 advisory. Update to 1.28.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.8CVSS5.3AI score0.00395EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

Fedora 43 : micropython (2026-29f4f47ade)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-29f4f47ade advisory. Update to 1.28.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.8CVSS6.2AI score0.00395EPSS
Exploits4References10
OSV
OSV
added 2026/04/13 2:17 p.m.5 views

BIT-NIFI-2024-45477 Apache NiFi: Improper Neutralization of Input in Parameter Description

Apache NiFi 1.10.0 through 1.27.0 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will...

4.6CVSS5.6AI score0.00646EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/11 12:0 a.m.8 views

Fedora 45 : micropython (2026-d619d8d077)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d619d8d077 advisory. Automatic update for micropython-1.28.0-1.fc45. Changelog Mon Apr 6 2026 Lumr Balhar - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 ...

7.8CVSS6.2AI score0.00395EPSS
Exploits4References10
EUVD
EUVD
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-13997

The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

WordPress plugin Post Affiliate Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS6AI score0.00259EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.9 views

CVE-2025-62166

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References1
NVD
NVD
added 2026/03/09 8:16 p.m.7 views

CVE-2025-62166

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...

7.5CVSS0.0038EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/09 7:35 p.m.7 views

EUVD-2025-208443

FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References4
CVE
CVE
added 2026/03/09 7:35 p.m.16 views

CVE-2025-62166

FreshRSS (before 1.28.0) contains an authentication logic bug relating to master authentication tokens that bypasses feed visibility restrictions. This creates an IDOR-style weakness where, if anonymous viewing is enabled, default user feeds could be viewable while feeds of other users should rem...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder