Lucene search
K

105 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-12994

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS0.00361EPSS
Exploits0References12
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.40 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:32 a.m.10 views

CVE-2026-12127

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/01 4:32 a.m.9 views

EUVD-2026-40907

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 4:32 a.m.15 views

CVE-2026-12127

WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
Snyk
Snyk
added 2026/06/09 10:23 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the notification emails. An attacker can inject arbitrary HTML content into emails sent to other users by submitting specially crafted input. Details Cross-site scripting or XSS is a code vulnerability that...

5.4CVSS5.1AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.18 views

CVE-2026-34033

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4CVSS0.00372EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 7:35 a.m.30 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of script-related HTML tags in web pages. The content provided by users was n...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS5.5AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.11 views

CVE-2026-7563

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.6AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 1:2 p.m.9 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS5.8AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 1:2 p.m.25 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

2.1CVSS5.8AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 1:2 p.m.39 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

Canarytokens 安全漏洞

Canarytokens is a network activity tracking system open-source by Thinkst Applied Research. There is a security vulnerability in Canarytokens, which stems from HTML injection in notification emails. This vulnerability may lead to interface manipulation and cross-site scripting attacks...

2.1CVSS4.9AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:32 p.m.7 views

CVE-2026-42857

Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer cleanthreadhtmlbody used for discussion notification emails fails to remove...

4.6CVSS5.8AI score0.0021EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 1:16 p.m.13 views

CVE-2026-27694

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...

5.4CVSS0.00162EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:20 p.m.3 views

CVE-2026-27694

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/29 3:34 p.m.4 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder