Lucene search
K

37648 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-6740 Nexter Blocks <= 4.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'commentIcon' Block Attribute

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 5 days ago12 views

CVE-2026-6818

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42168

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56408

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious scripts are...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-56310

Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions prior to 1.53 Description Authenticated attackers with subscriber-level access and above can achieve remote code execution on the server. The issue occurs during the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.6AI score0.00516EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56589

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.7 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user to...

7.3CVSS6.3AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56662

Name of the Vulnerable Software and Affected Versions Drupal Siteimprove Analytics versions 0.0.0 through 2.0.1 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module fails to sufficiently sanitize the Siteimprove Analytics identificati...

6.1AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago17 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56615

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.11 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user with...

8.7CVSS6AI score0.00282EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS6AI score0.00269EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56257

Name of the Vulnerable Software and Affected Versions LocalAI affected versions not specified Description An unauthenticated server-side request forgery SSRF exists in the 'POST /models/apply' endpoint. This occurs because the endpoint passes unsanitized gallery URL fields to the...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added last week7 views

kernel: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath

A flaw was found in the Linux kernel's CIFS Common Internet File System client. When the cifssanitizeprepath function processes specially crafted input, such as an empty string or a string containing only delimiters, it can attempt to read data beyond its allocated memory buffer. This out-of-boun...

8.8CVSS6.7AI score0.00352EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-50557

A flaw was found in Angular's @angular/compiler and @angular/core packages. Namespaced script elements were not properly identified by the template preparser, and security context schema mappings did not consistently handle attributes within namespaced elements. An attacker who can inject templat...

6.1CVSS5.7AI score0.00206EPSS
Exploits0References6
OSV
OSV
added 2026/07/04 6:38 a.m.7 views

MGASA-2026-0234 Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.5AI score0.00555EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.12 views

PT-2026-55745

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.07.04 Description Improper sanitization of output when using the --write-link option allows for downstream command injection. This occurs because shortcut file data is not properly validated and sanitized before...

7.5CVSS6AI score0.00554EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/02 9:31 p.m.7 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 7:25 p.m.15 views

EUVD-2026-33256

Mautic has SQL Injection in API Contact Filtering...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-766 Zope XSS Vulnerability

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...

6.1CVSS6.1AI score0.01351EPSS
Exploits0References13
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-688 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References OWASP Page on Restricting Form Submissions For more information If you have...

7.4CVSS6.3AI score0.02638EPSS
Exploits1References7
Rows per page
Query Builder