Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/06/05 6:46 p.m.40 views

CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

9.3CVSS0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

3.3CVSS5.8AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.12 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the Live re-stream log callback process accepting URLs controlled by attackers, which could lead to...

6.5CVSS5.9AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation for the objects/pluginSwitch.json.php endpoint, whic...

6.5CVSS5.7AI score0.00201EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.17 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification at the administrator plugin configuration endpoint...

8.1CVSS5.7AI score0.00233EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the getapivideopasswordiscorrect API endpoint, which allowed any unverified user to validate...

5.3CVSS5.8AI score0.0032EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.4 views

ConnectWise ScreenConnect < 26.1 Authentication Bypass

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.1. It is, therefore, affected by an authentication bypass vulnerability: - A condition in ScreenConnect may allow an actor with access to server-level cryptographic material...

9CVSS6.1AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of extension file list checks in the ImageGallery::saveFile method, which could lead to remot...

8.8CVSS6.4AI score0.00639EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.11 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the custom ParsedownSafeWithLinks class disabling the safe mode, which could lead to...

5.4CVSS5.7AI score0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/22 5:0 p.m.2 views

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6303

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 Description An authenticated user with System Administrator privileges can trigger a server-side request forgery SSRF through t...

8.2CVSS5.5AI score0.00396EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 26 and Apple iPadOS prior to version 26, which arises from t...

5.5CVSS6.3AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.4 views

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices, Apple tvOS is a smart TV operating system, and Apple watchOS is a smart watch operating system. A security vulnerability exists in several Apple products that stems from a UDP server socket that may be incorrectly bound to all...

9.8CVSS6.1AI score0.00864EPSS
Exploits0References16
Rows per page
Query Builder