
4428 matches found

Positive Technologies
added 2026/05/10 12:0 a.m. | 13 views

PT-2026-39486

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page setting...

CVSS 6.4 | AI score 5.9 | EPSS 0.00191
Exploits 0 | References 4

CNNVD
added 2026/05/10 12:0 a.m. | 9 views

WordPress plugin IP2Location Country Blocker cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4 | AI score 5.6 | EPSS 0.00191
Exploits 0 | References 1

GithubExploit
added 2026/05/09 10:38 a.m. | 85 views

CoreExploit-Final

CoreExploit 🔐 Ethical Penetration Testing Learning Platfor...

AI score 5.8
Exploits 0

Debian
added 2026/05/08 6:54 p.m. | 10 views

[SECURITY] [DSA 6257-1] postorius security update

Debian Security Advisory DSA-6257-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq ...

CVSS 7.2 | AI score 5.6 | EPSS 0.00237
Exploits 0

EUVD
added 2026/05/08 9:31 a.m. | 10 views

EUVD-2026-28538

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input validation and type checking on the wpuf_files...

CVSS 8.8 | AI score 6.1 | EPSS 0.00951
Exploits 0 | References 20

ATTACKERKB
added 2026/05/08 9:26 a.m. | 7 views

CVE-2026-7475

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capability_type = 'post' and show_in_rest = true, combined with...

CVSS 6.4 | AI score 6 | EPSS 0.00244
Exploits 0 | References 8

Vulnrichment
added 2026/05/08 9:26 a.m. | 10 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capability_type = 'post' and show_in_rest = true, combined with...

CVSS 6.4 | AI score 6 | EPSS 0.00244
Exploits 0 | References 7

Patchstack
added 2026/05/08 9:23 a.m. | 8 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by d.v4ns3c in WordPress Plugin WP User Frontend versions <= 4.3.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00951
Exploits 0 | References 1 | Affected Software 1

NVD
added 2026/05/08 9:16 a.m. | 21 views

CVE-2026-5127

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input validation and type checking on the wpuf_files...

CVSS 8.8 | EPSS 0.00951
Exploits 0 | References 19

ATTACKERKB
added 2026/05/08 8:26 a.m. | 9 views

CVE-2026-5127

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input validation and type checking on the wpuf_files...

CVSS 8.8 | AI score 6.1 | EPSS 0.00951
Exploits 0 | References 20

CVE
added 2026/05/08 8:26 a.m. | 21 views

CVE-2026-5127

The CVE-2026-5127 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration.” Affected versions up to 4.3.1 are vulnerable to Deserialization of Untrusted Data via the wpuf_files parameter during form submission, combi...

CVSS 8.8 | AI score 6.1 | EPSS 0.00951
Exploits 0 | References 19

Positive Technologies
added 2026/05/08 12:0 a.m. | 13 views

PT-2026-38904

Name of the Vulnerable Software and Affected Versions: Sky Addons versions prior to 3.3.3. Description: The Sky Addons plugin for WordPress allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. This occurs because the sky-custom-scripts custom post type i...

CVSS 6.4 | AI score 5.9 | EPSS 0.00244
Exploits 0 | References 10

Positive Technologies
added 2026/05/08 12:0 a.m. | 17 views

PT-2026-38892

Name of the Vulnerable Software and Affected Versions: User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.3.2. Description: Insufficient input validation and type checking on the wpuf_files parameter during form submission, combine...

CVSS 8.8 | AI score 6.2 | EPSS 0.00951
Exploits 0 | References 23

CNNVD
added 2026/05/08 12:0 a.m. | 11 views

WordPress plugin User Frontend code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.8 | AI score 6 | EPSS 0.00951
Exploits 0 | References 1

RedHat Linux
added 2026/05/07 3:46 p.m. | 16 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image

A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...

CVSS 9.8 | AI score 6.6 | EPSS 0.01735
Exploits 0 | References 7

RedHat Linux
added 2026/05/07 3:45 p.m. | 14 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image

A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...

CVSS 9.8 | AI score 6.5 | EPSS 0.01735
Exploits 0 | References 7

OSV
added 2026/05/07 3:55 a.m. | 4 views

MAL-2026-3363 Malicious code in mrdaa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

AI score 5.8
Exploits 0 | References 1

SUSE CVE
added 2026/05/07 2:16 a.m. | 10 views

SUSE CVE-2026-43249

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls. The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free twice, hitting the observed general protection fault due to a double-free...

CVSS 6.3 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 9

OSV
added 2026/05/06 10:11 p.m. | 4 views

GHSA-Q98M-7W8C-W388 Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary: Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

CVSS 6.1 | AI score 6 | EPSS 0.00183
Exploits 1 | References 3

Cvelist
added 2026/05/06 11:28 a.m. | 36 views

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls. The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free twice, hitting the observed general protection fault due to a double-free...

CVSS 8.8 | EPSS 0.00241
Exploits 0 | References 4