Lucene search
K

1033 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-9738

The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contentpositioncss' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS0.00208EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43136

The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contentpositioncss' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57402

Name of the Vulnerable Software and Affected Versions Print, PDF, Email by PrintFriendly for WordPress versions prior to 5.5.11 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with administrator-level access and...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References11
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42863

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-13247 Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.19 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40548

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13876

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:39 p.m.76 views

CVE-2026-14092

CVE-2026-14092 affects Google Chrome (Chromium-based privacy policy enforcement). It describes insufficient policy enforcement in Privacy in Chrome prior to 150.0.7871.47, enabling an attacker in a privileged network position to leak cross-origin data via malicious network traffic. The CVSS base ...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53064

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ELF image activator cleared per-process ASLR Address Space Layout Randomization, a security technique that randomizes memory addresses to prevent exploitatio...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 6:17 p.m.19 views

CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS0.00399EPSS
Exploits1References1
NVD
NVD
added 2026/06/17 5:16 p.m.18 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 3:5 p.m.3 views

CVE-2025-71325 picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.3CVSS6AI score0.00475EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49266

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:24 p.m.4 views

OPENSUSE-SU-2026:20963-1 Security update for neonmodem

This update for neonmodem fixes the following issues: Changes in neonmodem: - Update golang.org/x/net dependency to v0.55.0 due to bsc1267193 - Update golang.org/x/image dependency to v0.38.0 due to bsc1260727 - Update golang.org/x/term dependency to v0.42.0 due to bsc1260727 - Update to version...

6.5CVSS6.2AI score0.00328EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/12 12:31 a.m.10 views

EUVD-2026-36333

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS5.5AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-46539

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS5.4AI score0.0015EPSS
Exploits0References1
Rows per page
Query Builder