Lucene search
K

1111336 matches found

RedhatCVE
RedhatCVE
added 1 hour ago4 views

CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago4 views

CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.0003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago4 views

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.6AI score0.00047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00029EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00043EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00036EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00029EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.5AI score0.00071EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-11436

Mage AI up to version 0.9.79 is affected in the Sign-in Flow. The vulnerability is in the useMutation function within mage_ai/frontend/components/Sessions/SignForm/index.tsx, where manipulating the query.redirect_url argument triggers cross site scripting. Remote exploitation is possible, and the...

5.3CVSS4.1AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score
Exploits0References5
Cvelist
Cvelist
added yesterday6 views

CVE-2026-11436 Mage AI Sign-in Flow index.tsx useMutation cross site scripting

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-34971

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS
Exploits0References5
Debian
Debian
added yesterday5 views

[SECURITY] [DSA 6324-1] request-tracker5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6324-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq -...

8.8CVSS5.5AI score0.0007EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.8AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-34969

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.9AI score
Exploits0References5
CVE
CVE
added yesterday19 views

CVE-2026-11434

CVE-2026-11434 affects FluentCMS 0.0.5, specifically the Blocks Plugin via an unknown function in the /admin/blocks file. The issue allows a cross site scripting (XSS) flaw due to manipulation of that function, with remote initiation possible. Public exploits exist according to the record, and th...

4.8CVSS3.8AI score
Exploits0References5
Cvelist
Cvelist
added yesterday9 views

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS
Exploits0References5
Rows per page
Query Builder