Lucene search
K

37 matches found

CVE
CVE
added 2026/07/01 8:44 p.m.20 views

CVE-2026-55661

CVE-2026-55661 affects TinaCMS rich-text rendering (Slate JSON) where the url field on Slate link/image nodes was not sanitized, allowing stored XSS via dangerous URL schemes such as javascript: or data:text/html. Affected versions include tinacms/mdx <2.1.7 and tinacms =2.1.7 and tinacms >...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:30 a.m.6 views

CVE-2026-12560

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/30 4:30 a.m.8 views

EUVD-2026-40251

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.0024EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/12 1:28 a.m.13 views

EUVD-2026-36372

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
OSV
OSV
added 2026/05/14 8:23 p.m.5 views

GHSA-FCJQ-435V-JX94 pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal

Summary The packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $div.htmlhtml. No escaping runs between the API value and innerHTML. An...

8.7CVSS5.9AI score0.00199EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 8:23 p.m.10 views

pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal

Summary The packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $div.htmlhtml. No escaping runs between the API value and innerHTML. An...

8.7CVSS5.9AI score0.00199EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-3607

Malware in sbrugna...

4.3CVSS6.3AI score0.09402EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30402

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00239EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/24 7:29 a.m.7 views

CVE-2025-10787

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5CVSS6.6AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:15 a.m.5 views

CVE-2025-10787

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5CVSS0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/22 7:2 a.m.4 views

CVE-2025-10787 MuYuCMS Add Fiend Link index.html server-side request forgery

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

6.5CVSS6.5AI score0.00239EPSS
Exploits0References4
NVD
NVD
added 2025/08/27 3:15 a.m.4 views

CVE-2025-7732

The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied...

6.4CVSS0.00225EPSS
Exploits0References5
NVD
NVD
added 2025/08/16 4:16 a.m.6 views

CVE-2025-7439

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anberitem'buttonlink''url'’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00185EPSS
Exploits0References2
OSV
OSV
added 2025/07/18 8:15 p.m.2 views

UBUNTU-CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5
OSV
OSV
added 2025/07/04 8:15 a.m.5 views

CVE-2024-11937

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2024/10/21 7:15 p.m.1 views

UBUNTU-CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2024/09/28 2:51 a.m.5 views

SUSE CVE-2024-46862

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/09/28 2:50 a.m.4 views

SUSE CVE-2024-46863

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

5.5CVSS7.7AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2024/09/27 1:15 p.m.9 views

AZL-49887 CVE-2024-46863 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

5.5CVSS5.6AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2024/09/27 1:15 p.m.1 views

DEBIAN-CVE-2024-46862

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

5.5CVSS4.7AI score0.00177EPSS
Exploits0References1
Rows per page
Query Builder