Lucene search
K

2839 matches found

Patchstack
Patchstack
added 2026/05/25 7:32 a.m.18 views

WordPress CBX 5 Star Rating & Review plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin CBX 5 Star Rating & Review versions = 1.0.7...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/25 12:0 a.m.13 views

rsync-3.4.3-1.1 on GA media (moderate)

rsync-3.4.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10857-1 Rating: moderate Cross-References: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 CVSS scores: CVE-2026-29518 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-29518 SUSE ...

8.1CVSS5.8AI score0.0078EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/25 12:0 a.m.12 views

Security update for gnutls (important)

openSUSE security update: security update for gnutls ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20778-1 Rating: important References: bsc1263704 bsc1263705 bsc1263706 bsc1263707 bsc1263708 bsc1263709 bsc1263710 bsc1263711 bsc1263712 bsc1263713...

8.8CVSS5.8AI score0.01335EPSS
Exploits2References13
NVD
NVD
added 2026/05/22 5:16 p.m.18 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS0.00257EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:12 p.m.6 views

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS6AI score0.00257EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 4:12 p.m.7 views

CVE-2026-28445 Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS6AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 4:12 p.m.29 views

CVE-2026-28445

CVE-2026-28445 affects Typebot up to version 3.15.2, where the RatingButton embed component renders user-controlled customIcon.svg via Solid innerHTML without sanitization, despite DOMPurify being present elsewhere. Because rating blocks aren’t flagged as unsafe by the import sanitizer and the bu...

8.7CVSS6AI score0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/22 3:39 a.m.11 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:39 a.m.10 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/22 3:39 a.m.12 views

EUVD-2026-31409

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00264EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 12:31 a.m.15 views

EUVD-2026-31349

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

WordPress plugin CBX 5 Star Rating & Review 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00264EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the RatingButton component in the embed package using Solid’sinnerHTML directive to render the customIcon.svg fiel...

8.7CVSS6AI score0.00257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42798

Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.16.0 Description The RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without sanitization. Because rating blocks are not flagged ...

8.7CVSS6AI score0.00257EPSS
Exploits0References8
NVD
NVD
added 2026/05/21 10:16 p.m.15 views

CVE-2026-8239

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:0 p.m.6 views

CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:0 p.m.6 views

CVE-2026-8239

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:0 p.m.30 views

CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:0 p.m.23 views

CVE-2026-8239

Concrete CMS

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42561

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists where the '/ccm/frontend/conversations/get rating' endpoint confirms the existence of and returns the rating score for any message by ID. IDOR is ...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References3
Rows per page
Query Builder