RedhatCVE
added 2026/06/05 7:34 p.m., 10 views

CVE-2026-1379

The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.4, AI score 5.6, EPSS 0.0029
Exploits 0, References 1
CNNVD
added 2026/05/15 12:00 a.m., 14 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly, open-source self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the router not calling filterallowedaccessgrants during path creation or updates...

CVSS 5.4, AI score 5.9, EPSS 0.0019
Exploits 1, References 2
EUVD
added 2026/05/12 12:32 p.m., 33 views

EUVD-2026-29443

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4, AI score 6, EPSS 0.00195
Exploits 0, References 6
ATTACKERKB
added 2026/05/12 9:29 a.m., 7 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4, AI score 6, EPSS 0.00195
Exploits 0, References 6
EUVD
added 2026/05/09 8:27 a.m., 17 views

EUVD-2026-28905

Some HikCentral Professional versions contain an access control vulnerability. This could allow an unauthenticated user to obtain admin permission...

CVSS 6.8, AI score 5.8, EPSS 0.00282
Exploits 0, References 1
NVD
added 2026/05/02 6:16 a.m., 6 views

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4, EPSS 0.00252
Exploits 0, References 6
Positive Technologies
added 2026/04/22 12:00 a.m., 6 views

PT-2026-34268

Name of the Vulnerable Software and Affected Versions: HTTP Headers plugin for WordPress versions prior to 1.19.3. Description: Insufficient input sanitization and output escaping in admin settings allow authenticated attackers with administrator-level permissions and above to perform Stored...

CVSS 4.4, AI score 6, EPSS 0.0029
Exploits 0, References 6
CNNVD
added 2026/04/22 12:00 a.m., 12 views

Tanium Server security vulnerability

Tanium Server is a security management platform provided by the American company Tanium. Tanium Server has a security vulnerability that allows authenticated Tanium users with the Administrator role or Write Downloader permissions to retrieve credentials used for remot...

CVSS 2.7, AI score 5.8, EPSS 0.00183
Exploits 0, References 1
Cvelist
added 2026/04/21 6:43 a.m., 29 views

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVSS 4.4, EPSS 0.00157
Exploits 0, References 2
CNNVD
added 2026/04/17 12:00 a.m., 9 views

WordPress plugin Tutor LMS security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform written in PHP that lets personal blog sites be set up on servers running PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 6.5, AI score 5.9, EPSS 0.00497
Exploits 0, References 2
NVD
added 2026/03/26 7:17 p.m., 3 views

CVE-2026-3121

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

CVSS 7.2, EPSS 0.00471
Exploits 0, References 4
Positive Technologies
added 2026/03/20 12:00 a.m., 5 views

PT-2026-26585

Name of the Vulnerable Software and Affected Versions: CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress versions through 1.2.7. Description: The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and...

CVSS 4.4, AI score 5.9, EPSS 0.00244
Exploits 0, References 7
CVE
added 2026/03/04 1:21 a.m., 20 views

CVE-2026-2289

CVE-2026-2289 (Taskbuilder WordPress plugin) is a stored cross-site scripting vulnerability in Taskbuilder versions up to 5.0.3. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing an authenticated attacker with administrator-level permissions to ...

CVSS 4.4, AI score 5.9, EPSS 0.00254
Exploits 0, References 6
Cvelist
added 2026/02/19 4:36 a.m., 27 views

CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4, EPSS 0.00203
Exploits 0, References 6
NVD
added 2026/02/18 5:21 p.m., 15 views

CVE-2026-2230

The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handleajaxsave function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3, EPSS 0.0019
Exploits 0, References 3
Positive Technologies
added 2026/02/18 12:00 a.m., 7 views

PT-2026-20474

The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle ajax save function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-leve...

CVSS 4.3, AI score 5.5, EPSS 0.0019
Exploits 0, References 4
Positive Technologies
added 2026/02/18 12:00 a.m., 8 views

PT-2026-20217

Name of the Vulnerable Software and Affected Versions: WP 404 Auto Redirect to Similar Post plugin for WordPress versions prior to 1.0.6. Description: The WP 404 Auto Redirect to Similar Post plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient inpu...

CVSS 4.4, AI score 5.7, EPSS 0.00192
Exploits 0, References 4
CNNVD
added 2026/02/16 12:00 a.m., 6 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Mattermost versions up to and including 10.11.9 (the 10.11.x line) have a security vulnerability. It stems from invitation permissions not being enforced during the update...

CVSS 3.8, AI score 5.8, EPSS 0.00157
Exploits 0, References 1
ATTACKERKB
added 2026/01/28 11:23 a.m., 5 views

CVE-2026-1399

The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 5.9, EPSS 0.0019
Exploits 0, References 4
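Nine of the entries above (HTTP Headers, FastBots, Call for Price for WooCommerce, Website LLMs.txt, CM Custom Reports, Taskbuilder, TalkJS, WP 404 Auto Redirect to Similar Post, WP Google Ad Manager) describe the same WordPress plugin defect: an admin settings value that is stored without sanitization and printed without escaping. The following is an added example, not code from any of those plugins or from the advisories; it uses a hypothetical plugin "acme-banner" with one text setting, shows the vulnerable save/render pair first, and then the hardened form using only core WordPress functions (register_setting with a sanitize_callback, sanitize_text_field, esc_attr, esc_html, capability and nonce checks).

```php
<?php
/*
 * Added example for the "insufficient input sanitization and output
 * escaping" pattern. Hypothetical plugin "acme-banner"; the option name,
 * nonce action and function names are assumptions for illustration.
 */

// --- Vulnerable pattern (what the advisories describe) --------------------
// Stores whatever was posted and echoes it back raw, both in the settings
// form and on the public page. A value such as
//   "><script>/*...*/</script>
// closes the input attribute and then executes for every visitor.
function acme_banner_save_vulnerable() {
    if ( isset( $_POST['acme_banner_text'] ) ) {
        update_option( 'acme_banner_text', $_POST['acme_banner_text'] ); // no sanitization
    }
}

function acme_banner_render_vulnerable() {
    $text = get_option( 'acme_banner_text', '' );
    echo '<input type="text" name="acme_banner_text" value="' . $text . '">'; // no escaping (attribute)
    echo '<div class="acme-banner">' . $text . '</div>';                        // no escaping (HTML text)
}

// --- Hardened pattern ------------------------------------------------------
// 1. Register the option with a sanitize_callback so every write path
//    (options.php, WP-CLI, the REST API) is sanitized, not only this handler.
add_action( 'admin_init', function () {
    register_setting(
        'acme_banner_group',
        'acme_banner_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field', // strips tags, control chars, extra whitespace
            'default'           => '',
        )
    );
} );

// 2. Gate the save on capability and nonce, then sanitize before storing.
function acme_banner_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // wp_die()s if the nonce is missing or invalid.
    check_admin_referer( 'acme_banner_save', 'acme_banner_nonce' );

    if ( isset( $_POST['acme_banner_text'] ) ) {
        // wp_unslash() first: WordPress adds slashes to $_POST.
        $clean = sanitize_text_field( wp_unslash( $_POST['acme_banner_text'] ) );
        update_option( 'acme_banner_text', $clean );
    }
}

// 3. Escape at output for the context the value lands in. Sanitizing on
//    input is not a substitute: the value may have been written by another
//    path, and attribute context needs quotes neutralized regardless.
function acme_banner_render_hardened() {
    $text = get_option( 'acme_banner_text', '' );

    // Attribute context: esc_attr() encodes " and ' so the value cannot
    // close the attribute and add an event handler.
    echo '<input type="text" name="acme_banner_text" value="' . esc_attr( $text ) . '">';
    wp_nonce_field( 'acme_banner_save', 'acme_banner_nonce' );

    // HTML text context: esc_html() encodes < and > so <script> is inert.
    echo '<div class="acme-banner">' . esc_html( $text ) . '</div>';
}
```

The reason these entries all carry a CVSS of 4.4 rather than a critical score is the "administrator-level permissions and above" precondition: on a single-site install an administrator already holds the unfiltered_html capability and can place script in content legitimately, so the defect matters mainly on multisite or on installs where unfiltered_html has been disabled, or as a way for a compromised admin account to persist script into every visitor's browser. If a setting must intentionally hold limited HTML, wp_kses_post() on save and on output is the core-supported choice, not raw echo.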
NVD
added 2026/01/26 8:16 p.m., 7 views

CVE-2025-9520

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...

CVSS 8.3, EPSS 0.00394
Exploits 0, References 2