Lucene search
K

594 matches found

EUVD
EUVD
added 2026/04/04 9:30 a.m.6 views

EUVD-2026-18977

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-29995

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT WRITE KEY leads to use of hard-coded cryptograph...

4.8CVSS5.6AI score0.00156EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.5 views

CVE-2025-13535

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

6.4CVSS6AI score0.00241EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/31 8:15 a.m.7 views

CVE-2026-5186

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbiloadgifmain of the file stbimage.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and...

5.3CVSS5.7AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 5:17 p.m.13 views

GHSA-JHF3-XXHW-2WPP go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1323

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

5.2CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.6 views

CVE-2026-0609

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-slider' shortcode...

6.4CVSS6AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/22 12:32 p.m.6 views

EUVD-2026-14299

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The...

7.3CVSS5.4AI score0.00125EPSS
Exploits0References5
NVD
NVD
added 2026/03/21 4:17 a.m.5 views

CVE-2026-3354

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00189EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.9AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.3 views

CVE-2026-1886

The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'go-night-pro-shortcode' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the user-supplied 'margin'...

6.4CVSS6AI score0.00243EPSS
Exploits0References6
CVE
CVE
added 2026/03/21 3:26 a.m.9 views

CVE-2026-4067

CVE-2026-4067: The Ad Short WordPress plugin (≤ v2.0.1) is vulnerable to Stored XSS via the ad shortcode’s client attribute due to insufficient input sanitization and missing escaping when constructing the data-ad-client attribute. The ad_func() handler reads the client attribute with shortcode_a...

6.4CVSS6AI score0.00188EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:17 p.m.2 views

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/17 6:30 p.m.3 views

EUVD-2026-12600

The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

7CVSS5.8AI score0.00332EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.0 : binutils (EulerOS-SA-2026-1475)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysecti...

7.8CVSS4.7AI score0.00261EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2026/03/11 8:2 a.m.4 views

CVE-2024-14026 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

5.4CVSS6AI score0.00624EPSS
Exploits0References1
NVD
NVD
added 2026/03/08 5:16 a.m.7 views

CVE-2026-3707

A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gifdecoder.c. Such manipulation of the argument canvasheight leads to integer overflow. Local access is required to approach this attack. The exploit is...

5.3CVSS0.00112EPSS
Exploits0References8
CVE
CVE
added 2026/03/08 5:2 a.m.10 views

CVE-2026-3707

MrNanko webp4j (up to 1.3.x) is affected by CVE-2026-3707. The vulnerability is in DecodeGifFromMemory (src/main/c/gif_decoder.c): manipulation of the canvas_height argument can trigger an integer overflow. Local access is required to exploit. Public exploit is available. Patch identified as 8977...

5.3CVSS5.9AI score0.00112EPSS
Exploits0References8
NVD
NVD
added 2026/03/05 10:16 p.m.11 views

CVE-2026-3606

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function adddatasegment of the file src/ettercap/utils/etterfilter/efoutput.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...

5.5CVSS0.00161EPSS
Exploits1References6
OSV
OSV
added 2026/03/05 10:2 p.m.5 views

CVE-2026-3606 Ettercap etterfilter ef_output.c add_data_segment out-of-bounds

A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function adddatasegment of the file src/ettercap/utils/etterfilter/efoutput.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this...

4.8CVSS5.1AI score0.00161EPSS
Exploits1References8
Rows per page
Query Builder