6279 matches found

CVE
added 2025/12/19 9:5 p.m. | 9 views

CVE-2023-53952

CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00969
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2025/12/19 9:15 a.m. | 5 views

CVE-2025-11747

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | EPSS: 0.00275
Exploits: 0 | References: 3

CVE
added 2025/12/19 8:23 a.m. | 16 views

CVE-2025-11747

CVE-2025-11747 affects the Colibri Page Builder WordPress plugin. The Wordfence report documents a stored cross-site scripting vulnerability in the colibri_blog_posts shortcode caused by insufficient input sanitization and lack of proper output escaping, affecting all versions up to and including...

CVSS: 6.4 | AI score: 4.6 | EPSS: 0.00275
Exploits: 0 | References: 3

EUVD
added 2025/12/19 8:23 a.m. | 3 views

EUVD-2025-204478

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI score: 4.5 | EPSS: 0.00275
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2025-52435

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI score: 4.9 | EPSS: 0.00275
Exploits: 0 | References: 4

Circl
added 2025/12/18 11:8 p.m. | 4 views

CVE-2025-68386

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-18 23:08:03+00:00 | seen | https://bsky.app/profile/potato.software/post/3macc65yxl32k |
| 2025-12-18 23:53:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3macepn7fbv2q |

...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00164
Exploits: 0 | References: 2

Circl
added 2025/12/18 6:15 p.m. | 3 views

CVE-2025-68161

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-18 18:15:51+00:00 | seen | https://seclists.org/oss-sec/2025/q4/285 |
| 2025-12-18 19:27:49+00:00 | seen | https://mstdn.social/users/jschauma/statuses/115742216551427386 |
| 2025-12-18 19:28:16+00:00 | seen | ... |

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00743
Exploits: 1 | References: 24

Circl
added 2025/12/18 9:26 a.m. | 6 views

CVE-2025-64371

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-18 09:26:42+00:00 | seen | https://gist.github.com/Darkcrai86/ef6ee82ad15d64b1f97e57ae569cd6cf |
| 2025-12-18 10:57:20+00:00 | seen | https://gist.github.com/Darkcrai86/3aa71eeca6e6d567384ccc6041062ce6 |

...

CVSS: 8.5 | AI score: 4.8 | EPSS: 0.00211
Exploits: 0 | References: 2

Circl
added 2025/12/18 9:4 a.m. | 6 views

CVE-2025-66078

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-18 09:04:17+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115739764726607735 |
| 2025-12-18 09:04:18+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3maaszifayo27 |
| 2025-12-18 09:27:54+00:00 | seen | ... |

CVSS: 9.1 | AI score: 4.8 | EPSS: 0.00314
Exploits: 0 | References: 3

EUVD
added 2025/12/18 12:34 a.m. | 7 views

EUVD-2023-60199

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

CVSS: 5.1 | AI score: 5.5 | EPSS: 0.00205
Exploits: 1 | References: 4

NVD
added 2025/12/17 11:15 p.m. | 5 views

CVE-2023-53932

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

CVSS: 5.4 | EPSS: 0.00205
Exploits: 1 | References: 3

Circl
added 2025/12/17 5:3 p.m. | 11 views

CVE-2025-20393

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-17 17:03:45+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/115735906228666088 |
| 2025-12-17 17:17:20+00:00 | seen | https://bsky.app/profile/pylos.co/post/3ma7645ozwk2t |
| 2025-12-17 17:23:48+00:00 | seen | ... |

CVSS: 10 | AI score: 6.1 | EPSS: 0.2906
Exploits: 2 | References: 141

OSV
added 2025/12/17 1:15 p.m. | 4 views

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVSS: 3 | AI score: 6.9
Exploits: 0 | References: 1

Snyk
added 2025/12/17 12:44 p.m. | 4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation Upgrade...

CVSS: 3 | AI score: 6.9 | EPSS: 0.00145
Exploits: 0 | References: 2

Cvelist
added 2025/12/17 12:11 p.m. | 28 views

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVSS: 3 | EPSS: 0.00145
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/17 8:7 a.m. | 4 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00193
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/17 12:0 a.m. | 6 views

PT-2025-51970

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00205
Exploits: 1 | References: 9

EUVD
added 2025/12/16 9:30 p.m. | 4 views

EUVD-2025-203838

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00193
Exploits: 0 | References: 4

NVD
added 2025/12/16 7:15 p.m. | 4 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...

CVSS: 5.4 | EPSS: 0.00193
Exploits: 0 | References: 3

OSV
added 2025/12/16 7:15 p.m. | 4 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area...

CVSS: 5.4 | AI score: 6.2
Exploits: 0 | References: 3