Lucene search
K

545 matches found

Nuclei
Nuclei
added yesterday10 views

WordPress Image Hover Ultimate - Unauthenticated Settings Update

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...

9.8CVSS7.2AI score0.0674EPSS
Exploits1References2
EUVD
EUVD
added last week7 views

EUVD-2026-41523

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 7:49 p.m.12 views

EUVD-2026-33279

Mautic has Stored Cross-Site Scripting XSS in Projects Component...

7.6CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS0.00292EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 12:33 p.m.19 views

CVE-2026-12856

The CVE-2026-12856 entry concerns the vscode-java extension for Visual Studio Code. The vulnerability arises because the extension trusts all Markdown content in JavaDoc hovers, enabling a malicious Java file to include hidden commands. When a user clicks a specially crafted link in a JavaDoc hov...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:33 p.m.8 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:33 p.m.7 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 12:33 p.m.13 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:33 p.m.42 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 12:33 p.m.6 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 9:17 p.m.6 views

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:15 p.m.5 views

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 8:15 p.m.33 views

CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS0.00288EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code...

8.8CVSS5.9AI score0.00275EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.8CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.30 views

CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:20 p.m.24 views

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

8.8CVSS5.9AI score0.00275EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 3:20 p.m.10 views

EUVD-2026-38264

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.3 views

CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-10738

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder