Lucene search
K

229 matches found

Vulnrichment
Vulnrichment
added 2026/02/06 8:58 p.m.5 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS5.4AI score0.00216EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/06 8:58 p.m.36 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS0.00216EPSS
Exploits1References2
OSV
OSV
added 2026/02/06 8:58 p.m.6 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS5.4AI score0.00216EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:58 p.m.7 views

CVE-2026-25581

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS5.4AI score0.00216EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 6:34 p.m.7 views

SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : augeas-1.0.0-5.AXS4.1 (AXSA:2014-034:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-034:01 advisory. A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its...

4.6CVSS5.6AI score0.00446EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/12 1:55 p.m.22 views

CVE-2025-41004 Multiple vulnerabilities in Imaster products Open configuration options

Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter...

8.7CVSS0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.8 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

4.8CVSS5.9AI score0.01033EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/12/17 12:24 a.m.5 views

SUSE CVE-2025-68258

In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3attach Syzbot identified an issue 1 in multiq3attach that induces a task timeout due to open or COMEDIDEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. Thi...

5.5CVSS6.4AI score0.0018EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.3 views

PT-2025-49211

The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access an...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7199

Malware in sbrugna...

4.8CVSS5.2AI score0.01033EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-5815

Malware in sbrugna...

7.8CVSS7.7AI score0.00332EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-3791

Malware in sbrugna...

6.9CVSS6.3AI score0.01651EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.19 views

EUVD-2021-2003

Malware in sbrugna...

5.3CVSS5.7AI score0.01178EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0727

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00336EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2684

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00857EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0192

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00751EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1719

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.0076EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-24398

Malicious code in bioql PyPI...

8.8CVSS7.3AI score0.00892EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/17 3:30 p.m.2 views

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the profile menu. An authenticated user can access limited configuration information by listing available options in this menu without having...

5.3CVSS6.2AI score0.00448EPSS
Exploits0References2
Rows per page
Query Builder