212 matches found

CVE | added 6 days ago | 14 views

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

CVSS 6.4 | AI score 6 | EPSS 0.00241 | Exploits 0 | References 10

Positive Technologies | added 6 days ago | 11 views

PT-2026-53056

Name of the vulnerable software and affected versions: Page Builder by SiteOrigin versions prior to 2.34.4. Description: Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...

CVSS 6.4 | AI score 5.9 | EPSS 0.00241 | Exploits 0 | References 15

AstraLinux | added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmet_tcp_build_pdu_iovec function. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00228 | Exploits 0 | References 2

NVD | added 2026/06/18 6:16 a.m. | 9 views

CVE-2026-10736

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9 | EPSS 0.00363 | Exploits 0 | References 10

Cvelist | added 2026/06/18 5:34 a.m. | 25 views

CVE-2026-10736 Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9 | EPSS 0.00363 | Exploits 0 | References 10

EUVD | added 2026/06/18 5:34 a.m. | 10 views

EUVD-2026-37846

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9 | AI score 5.8 | EPSS 0.00363 | Exploits 0 | References 10

ATTACKERKB | added 2026/06/18 5:34 a.m. | 6 views

CVE-2026-10736

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9 | AI score 5.8 | EPSS 0.00363 | Exploits 0 | References 11

CVE | added 2026/06/18 5:34 a.m. | 19 views

CVE-2026-10736

CVE-2026-10736 affects the WordPress plugin Tutor LMS (eLearning and online course solution). All versions up to and including 3.9.11 are vulnerable to a generic SQL Injection via the 'data' parameter due to insufficient escaping and inadequate preparation of the SQL query. This can let an authen...

CVSS 4.9 | AI score 5.9 | EPSS 0.00363 | Exploits 0 | References 10

Cvelist | added 2026/06/12 8:30 p.m. | 33 views

CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

CVSS 5.1 | EPSS 0.00203 | Exploits 0 | References 6

NVD | added 2026/05/15 1:16 p.m. | 30 views

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed...

CVSS 10 | EPSS 0.00648 | Exploits 0 | References 2

CVE | added 2026/05/15 12:31 p.m. | 27 views

CVE-2026-41553

CVE-2026-41553 affects the PDF Export Module used in DHTMLX Gantt and Scheduler. The vulnerability arises from lack of sanitization in the data parameter, allowing an unauthenticated attacker to inject malicious JavaScript that is processed by Node.js and executed, leading to potential server com...

CVSS 10 | AI score 6 | EPSS 0.00648 | Exploits 0 | References 2 | Affected Software 1

Cvelist | added 2026/05/15 12:31 p.m. | 51 views

CVE-2026-41553 Remote Code Execution in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed...

CVSS 10 | EPSS 0.00648 | Exploits 0 | References 2

ATTACKERKB | added 2026/05/15 12:31 p.m. | 10 views

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed...

CVSS 10 | AI score 6 | EPSS 0.00648 | Exploits 0 | References 3 | Affected Software 1

Vulnrichment | added 2026/05/15 12:31 p.m. | 18 views

CVE-2026-41553 Remote Code Execution in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed...

CVSS 10 | AI score 6 | EPSS 0.00648 | Exploits 0 | References 2

Positive Technologies | added 2026/05/15 12:00 a.m. | 18 views

PT-2026-41296

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject malicious JavaScript code into the parameter, whose value is processed by Node.js and subsequently executed...

CVSS 10 | AI score 6 | EPSS 0.00648 | Exploits 0 | References 3

CNNVD | added 2026/05/15 12:00 a.m. | 11 views

DHTMLX Gantt OS command injection vulnerability

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Prior to version 0.7.6, DHTMLX Gantt had an operating system command injection vulnerability. This vulnerability stemmed from a lack of da...

CVSS 10 | AI score 5.9 | EPSS 0.00648 | Exploits 0 | References 1

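The CVE-2026-41553 records above all describe the same bug class: a request parameter named "data" whose value is "processed by Node.js and subsequently executed". The following is an added illustration of that class and its fix, written for this page; it is not DHTMLX's code, and the handler names (exportChartVulnerable, exportChartHardened, parseChartData, renderPdf), the request shape (req.body.data), the use of new Function as the "processing" step, and the 1 MiB size cap are all assumptions made for the example. The malicious payload is deliberately harmless: it only sets a marker on globalThis to prove that the server executed client-supplied code.

```javascript
// Added example (not DHTMLX code): evaluating a request parameter as
// JavaScript is remote code execution; parsing it as JSON and validating
// its shape is not. All names and the request layout are assumptions.

// Stand-in for the real PDF renderer: returns what it would have drawn.
function renderPdf(chart) {
  return { pages: 1, tasks: chart.tasks.map((t) => t.text) };
}

// VULNERABLE (hypothetical): "parsing" the payload by evaluating it.
// new Function is eval in disguise, so the client decides what runs.
function exportChartVulnerable(req) {
  const chart = new Function('return (' + req.body.data + ');')();
  return renderPdf(chart);
}

// HARDENED: treat data as data. JSON.parse never executes code, the
// byte cap bounds parsing cost, and the structure is checked before use.
const MAX_DATA_BYTES = 1 << 20; // 1 MiB, an assumed limit for the example

function parseChartData(raw) {
  if (typeof raw !== 'string' || Buffer.byteLength(raw) > MAX_DATA_BYTES) {
    throw new Error('data: missing or too large');
  }
  const chart = JSON.parse(raw); // throws SyntaxError on anything that is not JSON
  if (chart === null || typeof chart !== 'object' || !Array.isArray(chart.tasks)) {
    throw new Error('data: expected {tasks: [...]}');
  }
  for (const t of chart.tasks) {
    if (t === null || typeof t !== 'object' || typeof t.text !== 'string'
        || !Number.isFinite(t.duration)) {
      throw new Error('data: malformed task');
    }
  }
  // Rebuild the object so only validated fields reach the renderer.
  return { tasks: chart.tasks.map((t) => ({ text: t.text, duration: t.duration })) };
}

function exportChartHardened(req) {
  return renderPdf(parseChartData(req.body.data));
}

// Constructed requests for the demonstration.
const benignRequest = {
  body: { data: '{"tasks":[{"text":"Design","duration":3}]}' },
};
// Harmless by design: sets a marker instead of spawning a process.
const maliciousRequest = {
  body: { data: '(function(){ globalThis.pwnedMarker = "attacker code ran"; return {tasks:[]}; })()' },
};

// Runs both handlers against both requests and reports what happened.
function demo() {
  const results = {};
  results.vulnBenign = exportChartVulnerable(benignRequest).tasks;
  exportChartVulnerable(maliciousRequest);
  results.vulnMarker = globalThis.pwnedMarker; // set: attacker code ran server-side
  results.hardBenign = exportChartHardened(benignRequest).tasks;
  try {
    exportChartHardened(maliciousRequest);
    results.hardMalicious = 'accepted';
  } catch (e) {
    results.hardMalicious = 'rejected: ' + e.constructor.name;
  }
  return results;
}

console.log(demo());
```

The point of the hardened version is not the JSON.parse call alone: a payload that is valid JSON but the wrong shape would still reach the renderer, so the handler enforces a size limit, checks the structure it expects, and copies only the validated fields forward.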
CNNVD | added 2026/05/01 12:00 a.m. | 11 views

Mix PHP SQL injection vulnerability

Mix PHP is an open-source PHP command-line development framework that supports seamless switching between multiple server ecosystems. A SQL injection vulnerability exists in Mix PHP 2.x versions up to and including 2.2.17; it stems from improper handling of the data array parameter of th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00201 | Exploits 0 | References 1

CVE | added 2026/04/04 8:25 a.m. | 23 views

CVE-2026-5425

The CVE-2026-5425 entry concerns the WordPress Widgets for Social Photo Feed plugin. A stored XSS vulnerability exists in all versions up to 1.7.9, caused by insufficient input sanitization and output escaping in the feed_data parameter keys. Impact: unauthenticated attackers can inject arbitrary...

CVSS 7.2 | AI score 6.1 | EPSS 0.00233 | Exploits 0 | References 3

Cvelist | added 2026/04/04 8:25 a.m. | 25 views

CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2 | EPSS 0.00233 | Exploits 0 | References 3

CNNVD | added 2026/04/04 12:00 a.m. | 11 views

WordPress plugin Widgets for Social Photo Feed cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 7.2 | AI score 5.6 | EPSS 0.00233 | Exploits 0 | References 3