Lucene search

6276 matches found

Circl
added 2026/01/09 10:39 p.m. | 23 views

CVE-2025-67070

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 22:39:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbzktodu6e2r |
| 2026-01-09 23:01:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzm2s3tka2v |
| 2026-01-09 23:02:37+00:00 | seen | ... |

CVSS 8.2 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 3

Circl
added 2026/01/09 10:0 p.m. | 4 views

CVE-2026-0830

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 22:00:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbziogyzqy2m |
| 2026-01-09 22:07:00+00:00 | seen | Telegram/sbBWfdQsy2QnBSyrchCbfVHeoFEwmnGugyfSbtG1Df5cAwQ |
| 2026-01-09 23:49:41+00:00 | seen | ... |

CVSS 8.4 | AI score 5.1 | EPSS 0.01279
Exploits: 0 | References: 4

Circl
added 2026/01/09 7:58 p.m. | 6 views

CVE-2025-56425

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 19:58:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbttdf6v2t |
| 2026-01-09 19:59:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbupap4v2t... |

CVSS 9.1 | AI score 5.8 | EPSS 0.00637
Exploits: 1 | References: 2

Circl
added 2026/01/09 7:58 p.m. | 6 views

CVE-2025-67825

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-09 19:58:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbtla2jk2v |
| 2026-01-09 19:59:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzbuhkze62u... |

CVSS 5.5 | AI score 5.8 | EPSS 0.00085
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:32 p.m. | 7 views

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.3 | EPSS 0.00402
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 12:31 p.m. | 7 views

CVE-2023-4036

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...

CVSS 4.3 | AI score 6.9 | EPSS 0.00453
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 10:34 a.m. | 7 views

CVE-2017-18585

The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal...

CVSS 8.1 | AI score 7.1 | EPSS 0.01976
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 9 views

CVE-2017-18898

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...

CVSS 5.3 | AI score 6.8 | EPSS 0.01096
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 7 views

CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

CVSS 4.3 | AI score 6.9 | EPSS 0.00664
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:11 a.m. | 10 views

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, suc...

CVSS 6.1 | AI score 6.2 | EPSS 0.05331
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:8 a.m. | 10 views

CVE-2019-20887

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...

CVSS 4.3 | AI score 6.9 | EPSS 0.00651
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:33 a.m. | 5 views

CVE-2024-39361

Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...

CVSS 5.4 | AI score 6.8 | EPSS 0.00277
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:32 a.m. | 7 views

CVE-2023-25025

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions...

CVSS 8.8 | AI score 7 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:30 a.m. | 6 views

CVE-2023-29237

Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5...

CVSS 6.3 | AI score 8.6 | EPSS 0.00313
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:28 a.m. | 10 views

CVE-2023-49180

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2...

CVSS 5.9 | AI score 6.6 | EPSS 0.00386
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:27 a.m. | 5 views

CVE-2023-45066

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...

CVSS 7.5 | AI score 7.4 | EPSS 0.00531
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:26 a.m. | 5 views

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVSS 4.3 | AI score 5 | EPSS 0.00406
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. | 7 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's usp_gallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

CVSS 6.4 | AI score 5.8 | EPSS 0.00325
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:24 a.m. | 7 views

CVE-2023-40556

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:24 a.m. | 9 views

CVE-2023-40560

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00316
Exploits: 0 | References: 1