Lucene search
K

1489 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 1:22 p.m.14 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 1:22 p.m.23 views

CVE-2025-40903

Summary (technical details from sources): CVE-2025-40903 affects Guardian/CMC prior to version 26.1.0, in the Schedule Restore Archive function. A stored HTML injection flaw arises from improper validation of an input parameter in a restore schedule defined by an authenticated administrator. When...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/19 1:22 p.m.40 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS0.00194EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2026/05/19 12:0 a.m.23 views

HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

Summary A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. Impact An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim view...

5.9CVSS5.8AI score0.00194EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41890

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 10:24 p.m.40 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

0.00461EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 10:24 p.m.7 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

6.1AI score0.00461EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 10:24 p.m.20 views

CVE-2026-43680

CVE-2026-43680 describes a remote code execution in Claris FileMaker Cloud where an Admin Console user could bypass a front-end restriction on OS Script schedule types and run arbitrary OS commands on the host. Documented impact suggests total compromise with HIGH confidentiality, integrity, and ...

7.2CVSS6.1AI score0.00461EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/11 10:22 p.m.13 views

CVE-2026-43878

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 8:35 p.m.9 views

CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS6AI score0.00225EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 12:31 a.m.15 views

EUVD-2026-28458

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:13 p.m.9 views

CVE-2026-41928

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 9:13 p.m.26 views

CVE-2026-41928

CVE-2026-41928 affects Vvveb before 1.0.8.2. Affected: cron controller component which exposes an information disclosure vulnerability. Root cause: unauthenticated access allows retrieval of the application’s secret cron key from the cron controller response, enabling potential misuse to trigger ...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/07 10:11 a.m.15 views

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability

Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...

6.5CVSS5.8AI score0.00492EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/07 4:16 a.m.16 views

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

6.5CVSS0.00438EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-38585

Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description An information disclosure issue exists in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. By accessing the cron controller without...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00438EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/06 2:23 p.m.15 views

WordPress All-in-One WP Migration Unlimited Extension plugin <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Backup Schedule Creation and Backup File Download vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin All-in-One WP Migration Unlimited Extension versions = 2.83...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27725

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

5.8AI score0.00451EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 11:27 a.m.14 views

CVE-2026-43164

CVE-2026-43164 affects the Linux kernel UDP-Lite implementation. The issue is a null-pointer dereference in __udp_enqueue_schedule_skb() triggered during UDP-Lite socket initialization, as reported by syzbot. Post-commit changes allow udp_lib_init_sock(), udp_init_sock(), and udpv6_init_sock() to...

7.5CVSS5.8AI score0.00451EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder