Lucene search
K

1187064 matches found

CVE
CVE
added 2 hours ago7 views

CVE-2026-15652

The CVE-2026-15652 affects the WordPress plugin Easy Accordion – AI-Powered FAQ & Accordion Blocks. It allows Stored Cross-Site Scripting via the 'align' Block Attribute in all versions up to 3.1.6 due to insufficient input sanitization and output escaping. Exploitation requires authenticated acc...

6.4CVSS6.2AI score
Exploits0References5
CVE
CVE
added 2 hours ago7 views

CVE-2026-12409

Technical details about CVE-2026-12409 are not publicly available in the provided documents. No connected sources with affected products, versions, impact, or fixes are present. Monitor for updates from official feeds.

4.3CVSS6.1AI score
Exploits0References6
CVE
CVE
added 2 hours ago6 views

CVE-2026-14987

CVE-2026-14987 affects GiveWP (WordPress) up to version 4.16.3. The issue is a stored XSS via the twitter_message field in the Sequoia Template Settings, caused by insufficient input sanitization and output escaping. An authenticated attacker with give worker-level access (or higher) can inject a...

6.4CVSS6.2AI score
Exploits0References8
CVE
CVE
added 2 hours ago6 views

CVE-2026-13005

The CVE concerns the MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress. Affected: all versions up to 3.2.10. Vulnerability: Stored Cross-Site Scripting via the intro_message admin setting due to insufficient input sanitization and output escaping. Privileged context: aut...

4.4CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday15 views

CVE-2026-54458

CVE-2026-54458 (AVideo YPTSocket XSS) affects WWBN’s AVideo with the YPTSocket plugin (versions prior to 29.0). The vulnerability is an unauthenticated stored DOM XSS: getWebSocket.json.php issues a signed WebSocket token; MessageSQLiteV2::onOpen reads webSocketSelfURI and page_title from the Web...

9.6CVSS6.3AI score
Exploits0References2
CVE
CVE
added yesterday19 views

CVE-2026-50183

CVE-2026-50183 refers to a stored XSS in WWBN/AVideo via the YouTubeAPI plugin (versions 29.0 and below). The vulnerability occurs because the plugin renders YouTube data API field snippet.title into the homepage gallery without HTML encoding, allowing an attacker who controls a YouTube video mat...

4.7CVSS6AI score0.00031EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-50182

Summary (CVE-2026-50182) WWBN AVideo (API + YouTubeAPI + Layout plugins) is affected. Versions prior to 29.0 contain an unauthenticated Reflected XSS via the $_GET['search'] parameter used in the YouTubeAPI gallery pagination. The payload is injected into the hrefs of the previous/next page links...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added yesterday29 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...

6.2CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-49867

DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...

6.3CVSS6.1AI score0.00032EPSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-54443

The CVE affects Dashy’s RSS Widget (src/components/Widgets/RssFeed.vue). From versions 1.9.4 through 3.2.0, RSS item link values are not sanitized before rendering titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a javascript: URI that executes...

5.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-62948

OpenWrt odhcpd/LuCI vulnerability CVE-2026-62948: Before 25.12.5, the DHCPv6 client FQDN option 39 hostname is written into /tmp/odhcpd.leases without escaping, allowing newline injection of forged lease lines. LuCI displays these lines in the Active DHCPv6 Leases page via rpcd-mod-luci getDHCPLe...

9.6CVSS6.1AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References2Affected Software2
CVE
CVE
added yesterday10 views

CVE-2026-20296

The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...

8.3CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-62378

RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path can render HTML content uploaded as .pdf, allowing stored...

9CVSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-1562

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-62378

RustFS Console is affected in versions 0.1.7–0.1.10. The vulnerability lies in the components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path, which can render HTML content uploaded as .pdf, enabling a stored XSS in the management console. This can l...

9CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-1563

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-1563 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44727

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder