6275 matches found

SUSE CVE
added 2026/01/17 12:51 a.m., 4 views

SUSE CVE-2017-18898

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...

CVSS 5.3, AI score 6.9, EPSS 0.01096
Exploits 0, References 2

Positive Technologies
added 2026/01/17 12:00 a.m., 7 views

PT-2026-3353

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

CVSS 5.3, AI score 6.2, EPSS 0.00219
Exploits 0, References 3

Positive Technologies
added 2026/01/17 12:00 a.m., 6 views

PT-2026-3336

The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby check wp submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it...

CVSS 5.9, AI score 6.1, EPSS 0.00384
Exploits 0, References 8

Circl
added 2026/01/16 11:02 p.m., 6 views

CVE-2025-69581

creationtimestamp | type | source
---|---|---
2026-01-16 23:02:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl7ejtlbs2b
2026-01-16 23:52:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mclc6zk6gh2k
...

CVSS 5.5, AI score 5.8, EPSS 0.00213
Exploits 2, References 2

Circl
added 2026/01/16 10:00 p.m., 6 views

CVE-2026-23800

creationtimestamp | type | source
---|---|---
2026-01-16 22:00:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3whskkc2v
2026-01-16 22:00:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl3wrinfk2v
2026-01-16 23:57:51+00:00 | seen | ...

CVSS 10, AI score 5, EPSS 0.00469
Exploits 0, References 4

OSV
added 2026/01/16 3:15 p.m., 4 views

CVE-2026-21623

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...

CVSS 5.4, AI score 5.7, EPSS 0.00177
Exploits 0, References 1

NVD
added 2026/01/16 3:15 p.m., 6 views

CVE-2026-21623

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...

CVSS 9.4, EPSS 0.00177
Exploits 0, References 1

Vulnrichment
added 2026/01/16 3:04 p.m., 6 views

CVE-2026-21623 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...

CVSS 9.4, AI score 5.9, EPSS 0.00177
Exploits 0, References 1

Cvelist
added 2026/01/16 3:04 p.m., 24 views

CVE-2026-21623 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...

CVSS 9.4, EPSS 0.00177
Exploits 0, References 1

ATTACKERKB
added 2026/01/16 3:04 p.m., 3 views

CVE-2026-21623

Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...

CVSS 9.4, AI score 5.3, EPSS 0.00177
Exploits 0, References 2, Affected Software 1

CVE
added 2026/01/16 3:04 p.m., 14 views

CVE-2026-21623

The CVE-2026-21623 entry concerns the EasyDiscuss Joomla extension. Affected software: Joomla with the EasyDiscuss component, versions 1.0.0 through 5.0.15. Root cause: lack of input filtering in the forum post handling, enabling a persistent XSS vulnerability. Impact per sources: high confidenti...

CVSS 9.4, AI score 5.9, EPSS 0.00177
Exploits 0, References 1, Affected Software 1

CVE
added 2026/01/16 8:23 a.m., 14 views

CVE-2026-0913

CVE-2026-0913 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End. It enables Stored Cross-Site Scripting via the usp_access shortcode due to insufficient input sanitization/output escaping on user-supplied attributes. Valid for all versions up to a...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits 0, References 3

Cvelist
added 2026/01/16 8:23 a.m., 29 views

CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

CVSS 6.4, EPSS 0.00232
Exploits 0, References 3

ATTACKERKB
added 2026/01/16 8:23 a.m., 4 views

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

CVSS 6.4, AI score 5.5, EPSS 0.00232
Exploits 0, References 4

Vulnrichment
added 2026/01/16 8:23 a.m., 3 views

CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits 0, References 3

ATTACKERKB
added 2026/01/16 7:23 a.m., 4 views

CVE-2026-1003

The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authenticated attackers, with Author-level access a...

CVSS 4.3, AI score 5.3, EPSS 0.00213
Exploits 0, References 4

NVD
added 2026/01/16 7:15 a.m., 10 views

CVE-2026-0916

The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, EPSS 0.00232
Exploits 0, References 3

ATTACKERKB
added 2026/01/16 6:43 a.m., 2 views

CVE-2026-0916

The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, AI score 5.5, EPSS 0.00232
Exploits 0, References 3

Vulnrichment
added 2026/01/16 6:43 a.m., 4 views

CVE-2026-0916 Related Posts by Taxonomy <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode

The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits 0, References 2

CVE
added 2026/01/16 6:43 a.m., 20 views

CVE-2026-0916

CVE-2026-0916 - WordPress Related Posts by Taxonomy (plugin) The vulnerability is a Stored Cross-Site Scripting (XSS) in the Related Posts by Taxonomy plugin for WordPress, exploitable via the shortcode; it affects all versions up to and including 2.7.6 due to insufficient input sanitization and ...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits 0, References 3