3645 matches found

NVD
added 2026/06/09 9:16 a.m., 17 views

CVE-2026-34033

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4 CVSS, 0.0035 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/09 7:35 a.m., 24 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4 CVSS, 5.5 AI score, 0.0035 EPSS
Exploits: 0, References: 2, Affected Software: 1

Packet Storm News
added 2026/06/09 12:0 a.m., 8 views

Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems

The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email communication is apparent in both professional and personal contexts, thereby creating numerous vulnerabilitie...

5.5 AI score
Exploits: 0

CNNVD
added 2026/06/09 12:0 a.m., 12 views

Apache Answer security vulnerability

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of script-related HTML tags in web pages. The content provided by users was n...

5.4 CVSS, 5.5 AI score, 0.0035 EPSS
Exploits: 0, References: 2

Patchstack
added 2026/06/08 7:47 p.m., 8 views

WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions <= 2.0.4...

6.4 CVSS, 5.4 AI score, 0.00234 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/06/06 12:0 a.m., 9 views

WordPress plugin Event Monster – Event Management, Events Calendar, Tickets data forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3 CVSS, 5.3 AI score, 0.00165 EPSS
Exploits: 0, References: 6

CVE
added 2026/06/05 11:28 p.m., 31 views

CVE-2026-8608

The CVE affects the WordPress plugin “Event Monster” (Event Monster – Event Management, Events Calendar, Tickets) up to version 2.1.0. The root cause is Insufficient Verification of Data Authenticity in the capture_payment() AJAX handler (wp_ajax_nopriv_em_capture_payment), which trusts client-su...

5.3 CVSS, 5.6 AI score, 0.00165 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/06/05 7:48 p.m., 7 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...

2.1 CVSS, 5.5 AI score, 0.00204 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:39 p.m., 10 views

CVE-2026-7563

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3 CVSS, 5.6 AI score, 0.00265 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:28 p.m., 7 views

CVE-2026-4888

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3 CVSS, 5.6 AI score, 0.00275 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:27 p.m., 8 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.4 CVSS, 5.3 AI score, 0.00177 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/06/05 7:27 p.m., 8 views

CVE-2026-40908

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3 CVSS, 5.4 AI score, 0.0025 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/06/05 7:23 p.m., 11 views

CVE-2026-35460

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...

5.4 CVSS, 5.5 AI score, 0.00192 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/06/05 7:17 p.m., 7 views

CVE-2026-6411

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3 CVSS, 5.4 AI score, 0.00159 EPSS
Exploits: 0, References: 1

HackRead
added 2026/06/05 5:16 p.m., 14 views

Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users

Atlas Menu Data Breach exposes 64,000 GTA V and CS2 cheat service users, leaking emails, IPs, support tickets and hashed passwords...

5.4 AI score
Exploits: 0

OSV
added 2026/06/05 3:21 p.m., 6 views

GHSA-5549-C5Q7-FJ65 Vantage6: No limit on emails sent for password/MFA reset

Impact: Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someone's mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

2.1 CVSS, 5.5 AI score, 0.00278 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2026/06/05 3:21 p.m., 13 views

Vantage6: No limit on emails sent for password/MFA reset

Impact: Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someone's mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

2.1 CVSS, 5.5 AI score, 0.00278 EPSS
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/06/05 12:0 a.m., 16 views

PT-2026-47070

Name of the Vulnerable Software and Affected Versions: The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1. Description: The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...

5.3 CVSS, 5.6 AI score, 0.00165 EPSS
Exploits: 0, References: 10

NVD
added 2026/06/04 3:16 p.m., 14 views

CVE-2026-10864

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3 CVSS, 0.00176 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/04 3:16 a.m., 9 views

CVE-2026-10597

OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain a user's email address...

6.9 CVSS, 0.00244 EPSS
Exploits: 0, References: 2