Lucene search
K

9800 matches found

SUSE CVE
SUSE CVE
added 2026/06/02 1:40 a.m.10 views

SUSE CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.19 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

9.8CVSS6.2AI score0.0076EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-46565

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Document Object Model DOM, a programming interface for web documents, allows a remote attacker to bypass the same origin policy through the use of...

9.6CVSS5.8AI score0.00493EPSS
Exploits1References437
AlmaLinux
AlmaLinux
added 2026/06/02 12:0 a.m.10 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References40
OSV
OSV
added 2026/06/02 12:0 a.m.11 views

ALSA-2026:22643 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References40
NVD
NVD
added 2026/06/01 5:17 p.m.16 views

CVE-2026-42678

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS0.00203EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/01 3:41 p.m.18 views

firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Bindings WebIDL component...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 3:16 p.m.11 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 3:14 p.m.12 views

CVE-2026-42678 WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 3:14 p.m.18 views

CVE-2026-42678

CVE-2026-42678 affects the WordPress GiveWP plugin up to version 4.14.5. The vulnerability is a DOM-Based Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Metrics indicate CVSS v3.1: base score 7.1 (HIGH) with NETWORK attack vector, LOW confid...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 2:44 p.m.26 views

CVE-2026-42683 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:44 p.m.10 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 2:43 p.m.25 views

CVE-2026-48839

CVE-2026-48839 affects the WordPress WP Statistics plugin

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:43 p.m.13 views

EUVD-2026-33652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:43 p.m.14 views

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45438

Name of the Vulnerable Software and Affected Versions VeronaLabs WP Statistics versions prior to 14.16.6 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side JavaScript that process...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.7 views

WordPress plugin GiveWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.7 views

WordPress plugin WP Statistics 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.1AI score0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/05/30 6:3 p.m.36 views

RLSA-2026:21378 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

7.5CVSS5.9AI score0.00605EPSS
Exploits0References19
Rows per page
Query Builder