Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/25 3:23 p.m.17 views

EUVD-2026-39439

K2 ≤ 2.26 renders the k2users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51388

Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 12:32 a.m.6 views

EUVD-2026-23981

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...

4.7CVSS5.9AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 11:16 p.m.6 views

CVE-2026-5721

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...

4.7CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 10:25 p.m.25 views

CVE-2026-5721 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...

4.7CVSS0.00272EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 10:25 p.m.3 views

CVE-2026-5721

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput method of the...

4.7CVSS5.9AI score0.00272EPSS
Exploits0References3
Rows per page
Query Builder