Lucene search
K

462 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/02 3:36 a.m.4 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

6.4CVSS6AI score0.00234EPSS
Exploits0References11
NVD
NVD
added 2026/04/21 7:16 a.m.4 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS0.0023EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.9 views

Malicious code in @cash-web/no-hardcoded-font-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de4c59cdf3bb5203f5c7721d9180aa09a481a9dd1a6f6aaaf9ca43db40f07287 The package @cash-web/no-hardcoded-font-styles was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/04/13 3:25 p.m.3 views

MAL-2026-2580 Malicious code in @cash-web/no-hardcoded-font-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de4c59cdf3bb5203f5c7721d9180aa09a481a9dd1a6f6aaaf9ca43db40f07287 The package @cash-web/no-hardcoded-font-styles was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 7:17 p.m.26 views

CVE-2026-39838 ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the master branch, and in the release branches for MediaWiki...

6.9CVSS0.00402EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 7:17 p.m.14 views

CVE-2026-39838

CVE-2026-39838 affects the Wikimedia Foundation MediaWiki ProofreadPage extension . The flaw is due to improper neutralization of input during web page generation , enabling cross-site scripting (XSS) targeting Non-Script Elements. The CVE record notes the issue is tied to the ProofreadPage’s han...

6.9CVSS5.8AI score0.00402EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 7:17 p.m.3 views

CVE-2026-39838 ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the master branch, and in the release branches for MediaWiki...

6.9CVSS5.7AI score0.00402EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 6:16 p.m.8 views

CVE-2026-35046

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

5.4CVSS0.00173EPSS
Exploits1References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/18 12:0 a.m.18 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets CSS @import directives in email HTML...

7.2CVSS5.6AI score0.12009EPSS
In wildExploits0
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:40 p.m.2 views

CVE-2026-30977

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

2CVSS5.8AI score0.00472EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/04 9:53 p.m.23 views

CVE-2025-68467 Dark Reader gives users the ability to request style sheets from local web servers

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4CVSS0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 5:13 a.m.4 views

MAL-2026-1168 Malicious code in @global-dax-ad-platform/dax-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeeb3492b32dc3cc2ca7fc34a813cc711822c435fe3bdab4e1eb21816d75ee8f The package @global-dax-ad-platform/dax-styles was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 5:13 a.m.6 views

Malicious code in @global-dax-ad-platform/dax-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeeb3492b32dc3cc2ca7fc34a813cc711822c435fe3bdab4e1eb21816d75ee8f The package @global-dax-ad-platform/dax-styles was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/03/03 5:13 a.m.4 views

Malicious Package

Overview @global-dax-ad-platform/dax-styles is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.4 views

Google Chrome < 145.0.7632.45 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 145.0.7632.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 202602stable-channel-update-for-desktop10 advisory. - Use after free in Ozone. CVE-2026-2321 - Use after free in CSS...

8.8CVSS6.1AI score0.08272EPSS
Exploits0References23
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/06 2:7 a.m.8 views

Malicious code in ac-dom-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e39cbc9f0e4b0b813dacd1b2dbe7211e456f56b12dc39033aaa4f20064b90e7 The package ac-dom-styles was found to contain malicious code...

5.3AI score
Exploits0
OSV
OSV
added 2026/02/06 2:7 a.m.6 views

MAL-2026-779 Malicious code in ac-dom-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e39cbc9f0e4b0b813dacd1b2dbe7211e456f56b12dc39033aaa4f20064b90e7 The package ac-dom-styles was found to contain malicious code...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.5 views

Human-Centered Explainability in AI-Enhanced UI Security Interfaces: Designing Trustworthy Copilots for Cybersecurity Analysts

Artificial intelligence AI copilots are increasingly integrated into enterprise cybersecurity platforms to assist analysts in threat detection, triage, and remediation. However, the effectiveness of these systems depends not only on the accuracy of underlying models but also on the degree to whic...

5.4AI score
Exploits0
Fedora
Fedora
added 2026/01/29 12:56 a.m.8 views

[SECURITY] Fedora 43 Update: python-tinycss2-1.5.1-1.fc43

tinycss2 is a modern, low-level CSS parser for Python. tinycss2 is a rewrite of tinycss with a simpler API, based on the more recent CSS Syntax Level 3 specification...

7.5CVSS5.9AI score0.00501EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-61676

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...

6.1CVSS5.9AI score0.00183EPSS
Exploits0References1
Rows per page
Query Builder