
1075 matches found

NVD
added 6 days ago, 11 views

CVE-2026-50766

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

CVSS 5.4, EPSS 0.002
Exploits 1, References 2
Cvelist
added 6 days ago, 22 views

CVE-2026-50766

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

EPSS 0.002
Exploits 1, References 2
Vulnrichment
added 6 days ago, 5 views

CVE-2026-50766

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

AI score 5.8, EPSS 0.002
Exploits 1, References 2
ATTACKERKB
added 6 days ago, 4 views

CVE-2026-50766

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System versions 0 through 25.11 allows an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

CVSS 5.4, AI score 5.8, EPSS 0.002
Exploits 1, References 3
CVE
added 6 days ago, 4 views

CVE-2026-50766

CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...

CVSS 5.4, AI score 5.8, EPSS 0.002
Exploits 1, References 2, Affected Software 1
CVE
added 2026/06/24 5:33 a.m., 10 views

CVE-2026-8688

The CVE pertains to the WordPress plugin Advance Nav Menu Manager (

CVSS 4.3, AI score 5.8, EPSS 0.00227
Exploits 0, References 7
Cvelist
added 2026/06/24 5:33 a.m., 35 views

CVE-2026-8688 Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00227
Exploits 0, References 7
Positive Technologies
added 2026/06/24 12:0 a.m., 10 views

PT-2026-51684

Name of the Vulnerable Software and Affected Versions: Advance Nav Menu Manager versions prior to 1.4. Description: The Advance Nav Menu Manager plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform...

CVSS 4.3, AI score 5.6, EPSS 0.00227
Exploits 0, References 12
EUVD
added 2026/06/22 3:18 p.m., 6 views

EUVD-2026-38260

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

CVSS 4.8, AI score 5.7, EPSS 0.00261
Exploits 0, References 2
CVE
added 2026/06/20 6:27 p.m., 17 views

CVE-2026-56347

CVE-2026-56347 affects the AVideo TopMenu plugin up to version 26.0. The issue is a stored cross-site scripting vulnerability in menu item rendering caused by missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fiel...

CVSS 6.1, AI score 5.7, EPSS 0.00167
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the lockdep splat issue and potential deadlock that occurs after running delayed items. When running delayed items, we hold the mutex of the delayed node. Then, we attempt to modify a subvolume btree to insert, updat...

AI score 5.5, EPSS 0.00168
Exploits 0, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: configfs-tsm-report: Fixed the NULL dereference of tsm_ops. Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, t...

CVSS 5.5, AI score 6.3, EPSS 0.00146
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Zabbix

The cause of the vulnerability is improper validation of the “Name” field in the form input on the Graph page in the Items section...

CVSS 5.5, AI score 5.6, EPSS 0.00659
Exploits 1, References 2
EUVD
added 2026/06/19 6:0 a.m., 11 views

EUVD-2026-37994

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data...

AI score 5.8, EPSS 0.00201
Exploits 0, References 1
Positive Technologies
added 2026/06/19 12:0 a.m., 19 views

PT-2026-50848

Name of the Vulnerable Software and Affected Versions: WP Hotel Booking versions prior to 2.3.1. Description: Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...

CVSS 6.5, AI score 5.9, EPSS 0.00201
Exploits 0, References 7
NVD
added 2026/06/18 5:16 p.m., 14 views

CVE-2025-32424

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

CVSS 8.7, EPSS 0.00276
Exploits 0, References 1
Cvelist
added 2026/06/18 4:12 p.m., 17 views

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

CVSS 8.7, EPSS 0.00276
Exploits 0, References 1
CVE
added 2026/06/18 4:12 p.m., 13 views

CVE-2025-32422

AutoGPT contains a DoS vulnerability in StepThroughItemsBlock leading to disk exhaustion via unbounded downloads to FileStoreBlock. Before version 0.6.63, StepThroughItemsBlock can iterate over an arbitrary list and trigger downloads to FileStoreBlock without limiting loop count, while FileStoreB...

CVSS 8.7, AI score 5.3, EPSS 0.00276
Exploits 0, References 1
Tenable Nessus
added 2026/06/18 12:0 a.m., 11 views

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23032)

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and...

AI score 5.7, EPSS 0.00206
Exploits 0, References 3
NVD
added 2026/06/17 2:18 p.m., 10 views

CVE-2026-9591

Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

CVSS 6.9, EPSS 0.00197
Exploits 0, References 2