4433 matches found

Vulnrichment
added 2026/03/06 11:22 p.m. | 5 views

CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/06 11:22 p.m. | 5 views

CVE-2026-1644

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 5

Cvelist
added 2026/03/06 11:22 p.m. | 34 views

CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | EPSS 0.0016
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/06 7:54 a.m. | 6 views

CVE-2026-28126

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...

CVSS 7.1 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 1

Snyk
added 2026/03/06 7:14 a.m. | 4 views

Malicious Package

Overview: mozilla-addons-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/06 12:0 a.m. | 8 views

PT-2026-23760

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update action' function. This makes it possible for unauthenticated attackers to approve or reject user account...

CVSS 4.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 5

EUVD
added 2026/03/05 6:30 a.m. | 5 views

EUVD-2026-9778

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...

CVSS 7.1 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 2

NVD
added 2026/03/05 6:16 a.m. | 6 views

CVE-2026-28126

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...

CVSS 7.1 | EPSS 0.00146
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/05 5:54 a.m. | 4 views

CVE-2026-28126

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a before 4.3.4...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/05 5:54 a.m. | 2 views

CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a before 4.3.4...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1

CVE
added 2026/03/05 5:54 a.m. | 17 views

CVE-2026-28126

CVE-2026-28126 is a Reflected XSS in the RH Frontend Publishing Pro plugin (rh-frontend) for WordPress. Description and Red Hat/WordPress sources indicate improper neutralization of input during web page generation, enabling reflected XSS for RH Frontend Publishing Pro versions up to affected bui...

CVSS 7.1 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 1

Cvelist
added 2026/03/05 5:54 a.m. | 35 views

CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...

CVSS 7.1 | EPSS 0.00146
Exploits: 0 | References: 1

CNNVD
added 2026/03/05 12:0 a.m. | 6 views

WordPress plugin rh-frontend security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.1 | AI score 5.7 | EPSS 0.00146
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23398

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS. This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...

AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 2

vulnersOsv
added 2026/03/03 6:31 p.m. | 6 views

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

CVSS 6.1 | AI score 5.4 | EPSS 0.00245
Exploits: 0

Snyk
added 2026/03/02 6:36 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via v-html due to the lack of sanitization. An attacker with Editor role can execute arbitrary scripts in the context of a user's browser by storing malicious content in rich text cells...

CVSS 5.4 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 2

Snyk
added 2026/03/02 6:35 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CommentsService component, which uses v-html without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted inp...

CVSS 5.4 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 2

Snyk
added 2026/03/02 6:34 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Comment.insert function, which lacks sanitization for stored HTML. An attacker can execute arbitrary JavaScript code in the context of the user's browser by submitting crafted input...

CVSS 5.4 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | References: 2

CVE
added 2026/03/02 4:28 p.m. | 16 views

CVE-2026-28286

ZimaOS 1.5.2-beta3 is affected: the UI blocks file/folder creation in internal paths, but the API bypasses this validation, allowing arbitrary file/directory creation in sensitive dirs (e.g., /etc, /usr) via crafted requests. Root cause is improper API path validation, enabling path traversal-lik...

CVSS 9.9 | AI score 6 | EPSS 0.0041
Exploits: 2 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/02/28 7:45 p.m. | 7 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

CVSS 4.8 | AI score 6.1 | EPSS 0.00322
Exploits: 0 | References: 1