2606 matches found

Patchstack
added 2026/05/11 7:7 p.m. | 8 views

WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions <= 1.0.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/05/07 1:33 p.m. | 9 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-39892, CVE-2026-34073) and arbitrary code execution (CVE-2026-40087)

Summary: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality (CVE-2026-39892, CVE-2026-34073). Dashboard operands that use the App Connect Enterprise Agent are vulnerable to arbitrary code execution...

CVSS 9.8 | AI score 6.3 | EPSS 0.00652
Exploits: 0 | Affected Software: 1
vulnersOsv
added 2026/05/06 9:43 p.m. | 7 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +630 more potentially affected by CVE-2026-42557 via jupyterlab (>=0.31.1 <=4.5.6)

jupyterlab PYPI version =0.31.1, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =0.1.0, =3.0.0, =4.33.0, =5.0.0 and more Source cves: CVE-2026-42557 Source advisory: OSV:GHSA-MQCG-5X36-VFCG...

CVSS 9.6 | AI score 5.7 | EPSS 0.00386
Exploits: 0
IBM Security Bulletins
added 2026/05/06 1:3 p.m. | 8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF

Summary: IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity (CVE-2026-28684), arbitrary code execution (CVE-2026-28277), denial of service (CVE-2026-40347) and...

CVSS 7.2 | AI score 6.3 | EPSS 0.05219
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/05/06 1:2 p.m. | 14 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting

Summary: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp), denial of service (CVE-2026-33151, CVE-2026-32288) and cross-site scripting (CVE-2026-27142). This bulletin...

CVSS 8.7 | AI score 5.8 | EPSS 0.00514
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2026/05/04 8:21 p.m. | 10 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits: 0 | References: 1
Patchstack
added 2026/05/01 9:30 a.m. | 7 views

WordPress Post List Designer – Category Post, Recent Post, Post List plugin <= 3.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Posts List Designer by Category – List Category Posts Or Recent Posts versions <= 3.3.7...

CVSS 6.1 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/30 6:16 p.m. | 5 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

CVSS 8.8 | EPSS 0.00334
Exploits: 0 | References: 2
EUVD
added 2026/04/30 12:0 a.m. | 5 views

EUVD-2026-26400

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

AI score 6 | EPSS 0.00334
Exploits: 0 | References: 2
CVE
added 2026/04/30 12:0 a.m. | 11 views

CVE-2026-36765

An XXE vulnerability affects SpringBlade v4.8.0 at the /designer/loadReport endpoint. The issue allows authenticated attackers to execute arbitrary code by injecting a crafted payload. The common details across sources identify the root cause as an XML external entity processing flaw, enabling co...

CVSS 8.8 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 2
CNNVD
added 2026/04/30 12:0 a.m. | 8 views

SpringBlade Code Issue Vulnerability

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from XML external entity injection in the /designer/loadReport endpoint, which may allow authenticated attackers to execute arbitrary...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/30 12:0 a.m. | 4 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3
Cvelist
added 2026/04/30 12:0 a.m. | 29 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

EPSS 0.00334
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/30 12:0 a.m. | 13 views

PT-2026-36153

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/30 12:0 a.m. | 3 views

CVE-2026-36765

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

AI score 6.2 | EPSS 0.00334
Exploits: 0 | References: 2
Cvelist
added 2026/04/27 8:8 p.m. | 35 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | EPSS 0.00433
Exploits: 0 | References: 2
EUVD
added 2026/04/27 8:8 p.m. | 6 views

EUVD-2026-25921

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | AI score 6.1 | EPSS 0.00433
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/27 8:8 p.m. | 5 views

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVSS 8.6 | AI score 6.1 | EPSS 0.00433
Exploits: 0 | References: 2
EUVD
added 2026/04/16 6:31 a.m. | 5 views

EUVD-2023-58146

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/16 5:29 a.m. | 3 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00489
Exploits: 0 | References: 8