Lucene search
K

1063 matches found

Nuclei
Nuclei
added 11 hours ago13 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

6.1CVSS6.8AI score0.01843EPSS
Exploits1References2
CVE
CVE
added 4 days ago9 views

CVE-2026-57476

CVE-2026-57476 describes a vulnerability in Deloitte AI Assist for Customer where unauthenticated API endpoints allowed an attacker knowing specific parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. The issue was mitigated on 2026-03-25 by restricting...

6.3CVSS6.1AI score0.00238EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 9:10 p.m.12 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/05 1:45 a.m.43 views

CVE-2026-14691 SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php update_settings_info code injection

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.36 views

CVE-2026-12472 Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) via 'emailBody' and 'emailSubject' Parameters

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00283EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This...

6.5CVSS6.1AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:58 a.m.8 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Mozilla Thunderbird < 140.12.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210355

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2025-64637

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2025-64637

CVE-2025-64637 concerns the WordPress plugin Auros Core (versions

5.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2025-64637 WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

5.3CVSS0.0024EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:55 p.m.7 views

WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Content Injection vulnerability discovered by Bonds in WordPress Plugin Auros Core versions = 5.3.1...

5.3CVSS5.8AI score0.0024EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52713

Name of the Vulnerable Software and Affected Versions Auros Core versions prior to 5.3.2 Description An unauthenticated content injection flaw allows an attacker to inject arbitrary content into the system without requiring valid credentials. Recommendations Update Auros Core to version 5.3.2 or...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:29 p.m.33 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:11 p.m.31 views

CVE-2026-57534 Stored XSS in pretix-pages

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 2:11 p.m.5 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 2:11 p.m.7 views

EUVD-2026-39416

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:11 p.m.14 views

CVE-2026-57534

Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
Rows per page
Query Builder