
52 matches found

NVD
added 8 hours ago, 5 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsport_season_groupdel AJAX handler, which only...

CVSS 4.3
Exploits: 0, References: 10

EUVD
added 10 hours ago, 4 views

EUVD-2026-40887

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsport_season_groupdel AJAX handler, which only...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 10

CVE
added 10 hours ago, 5 views

CVE-2026-12133

Summary: The JoomSport – for Sports: Team & League, Football & more plugin for WordPress (up to version 5.7.8) is vulnerable to Missing Authorization to Arbitrary Group Deletion via the joomsport_season_groupdel() AJAX handler. The issue arises from a missing capability check; the handler only ve...

CVSS 4.3, AI score 5.9
Exploits: 0, References: 10

NVD
added 2026/05/19 2:16 p.m., 16 views

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, EPSS 0.00194
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/19 1:21 p.m., 7 views

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 2

EUVD
added 2026/05/19 1:21 p.m., 7 views

EUVD-2025-209893

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 1

Cvelist
added 2026/05/19 1:21 p.m., 33 views

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, EPSS 0.00194
Exploits: 0, References: 1

CVE
added 2026/05/19 1:21 p.m., 22 views

CVE-2025-40902

CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...

CVSS 5.9, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2026/05/19 1:21 p.m., 12 views

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 1

Positive Technologies
added 2026/05/19 12:00 a.m., 14 views

PT-2026-41889

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVSS 5.9, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 2

CNNVD
added 2026/05/19 12:00 a.m., 9 views

Nozomi Networks CMC and Nozomi Networks Guardian cross-site scripting vulnerability

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

CVSS 5.9, AI score 5.7, EPSS 0.00194
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 10 views

CVE-2019-16172

LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...

CVSS 5.4, AI score 5.7, EPSS 0.04611
Exploits: 7, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2004-0713

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.02312
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-10993

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.00651
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-3994

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00811
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2021-9410

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.5, EPSS 0.00975
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-22514

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00301
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/30 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-2307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...

CVSS 3.8, AI score 5, EPSS 0.00458
Exploits: 0, References: 2

Vulnrichment
added 2025/08/26 3:02 a.m., 2 views

CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...

CVSS 7.5, AI score 7.6, EPSS 0.00387
Exploits: 1, References: 4

Tenable Nessus
added 2025/08/18 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions...

CVSS 6.8, AI score 6.4, EPSS 0.00975
Exploits: 0, References: 2