
4959 matches found

Cvelist
added 2026/04/18 3:37 a.m. | 31 views

CVE-2026-4801 Page Builder Gutenberg Blocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via External iCal Feed Data

The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds...

CVSS 6.4 | EPSS 0.00406
Exploits 0 | References 13

Vulnrichment
added 2026/04/18 3:37 a.m. | 4 views

CVE-2026-4801 Page Builder Gutenberg Blocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via External iCal Feed Data

The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds...

CVSS 6.4 | AI score 5.9 | EPSS 0.00406
Exploits 0 | References 13

CVE
added 2026/04/18 3:37 a.m. | 19 views

CVE-2026-4801

CVE-2026-4801 affects the WordPress plugin Page Builder Gutenberg Blocks – CoBlocks. It is a stored cross-site scripting (XSS) vulnerability in the Events block that processes data from external iCal feeds. Root cause: insufficient output escaping of event titles, descriptions, and locations...

CVSS 6.4 | AI score 5.9 | EPSS 0.00406
Exploits 0 | References 13

OSV
added 2026/04/18 12:41 a.m. | 4 views

GHSA-XVJ8-PH7X-65GF Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks. Summary: A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid fo...

CVSS 7.2 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 3

Positive Technologies
added 2026/04/18 12:0 a.m. | 5 views

PT-2026-33600

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-create...

CVSS 6.4 | AI score 5.9 | EPSS 0.00194
Exploits 0 | References 3

CNNVD
added 2026/04/18 12:0 a.m. | 6 views

WordPress plugin Content Blocks (Custom Post Widget) security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.9 | EPSS 0.00194
Exploits 0 | References 2

Patchstack
added 2026/04/17 9:21 p.m. | 9 views

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Content Blocks Custom Post Widget versions <= 3.3.9...

CVSS 6.4 | AI score 5.8 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/04/17 2:48 p.m. | 6 views

WordPress Page Builder Gutenberg Blocks – CoBlocks plugin <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin CoBlocks versions <= 3.1.16...

CVSS 6.4 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2026/04/17 12:0 a.m. | 9 views

zrok security vulnerability

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities; these vulnerabilities stemmed from a lack of upper limit checks on the number of cookie blocks, which could lead to denial-of-service attacks...

CVSS 7.5 | AI score 5.8 | EPSS 0.00453
Exploits 0 | References 2

EUVD
added 2026/04/16 11:0 p.m. | 4 views

EUVD-2026-23330

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

CVSS 9 | AI score 6.4 | EPSS 0.00306
Exploits 0 | References 2

Cvelist
added 2026/04/16 9:19 p.m. | 23 views

CVE-2026-35469 SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 8.7 | EPSS 0.00656
Exploits 0 | References 2

Vulnrichment
added 2026/04/16 9:19 p.m. | 3 views

CVE-2026-35469 SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00656
Exploits 0 | References 2

Patchstack
added 2026/04/16 1:57 p.m. | 11 views

WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions <= 2.0.31...

AI score 5.8 | EPSS 0.00278
Exploits 0 | Affected Software 1

Vulnrichment
added 2026/04/16 7:39 a.m. | 4 views

CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 2

Cvelist
added 2026/04/16 7:39 a.m. | 34 views

CVE-2026-0718 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.5 - Missing Authorization to Limited Post Meta Modification

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3 | EPSS 0.00283
Exploits 0 | References 2

ATTACKERKB
added 2026/04/16 7:39 a.m. | 5 views

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 3

CVE
added 2026/04/16 7:39 a.m. | 15 views

CVE-2026-0718

The CVE-2026-0718 entry concerns the WordPress plugin Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX. It is affected by a missing capability check in the function ultp_shareCount_callback(), allowing unauthenticated modification of the share_count post meta for any post, ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 2

Patchstack
added 2026/04/16 3:23 a.m. | 4 views

WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability

WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin PostX versions <= 5.0.5...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/04/16 12:0 a.m. | 3 views

PT-2026-33282

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback function in all versions up to, and including, 5.0.5. This makes it possible for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 3

Positive Technologies
added 2026/04/16 12:0 a.m. | 5 views

PT-2026-33367

Name of the Vulnerable Software and Affected Versions: spdystream versions prior to 0.5.1. Description: The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count i...

CVSS 9.8 | AI score 5.8 | EPSS 0.00656
Exploits 0 | References 446