8276 matches found

RedhatCVE
added 2026/06/10 8:59 a.m. | 13 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | AI score 5.6 | EPSS 0.00243
Exploits 0 | References 1

CVE
added 2026/06/10 7:50 a.m. | 20 views

CVE-2026-8613

The CVE-2026-8613 entry concerns the WordPress plugin aThemes Addons for Elementor (

CVSS 6.4 | AI score 5.7 | EPSS 0.002
Exploits 0 | References 8

Cvelist
added 2026/06/10 7:50 a.m. | 39 views

CVE-2026-8613 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.002
Exploits 0 | References 8

Positive Technologies
added 2026/06/10 12:0 a.m. | 14 views

PT-2026-48470

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

CVSS 6.9 | AI score 5.5 | EPSS 0.00277
Exploits 0 | References 2

Packet Storm News
added 2026/06/10 12:0 a.m. | 5 views

CLDAP Analyzer with ASN.1 BER Encoding and Basic TLV Response Parser

This Python script implements a CLDAP (Connectionless LDAP) analyzer that builds and sends LDAP CLDAP discovery requests and parses responses using ASN.1 BER encoding and a basic TLV parser. It constructs a structured LDAP search request including DnsDomain, User, and NtVer filters, sends it over U...

AI score 5.5
Exploits 0

CNNVD
added 2026/06/10 12:0 a.m. | 14 views

Metrics::Any::Adapter::SignalFx Injection Vulnerability

Metrics::Any::Adapter::SignalFx is a Perl metric collection adapter module by the individual developer PEVANS. Versions of Metrics::Any::Adapter::SignalFx prior to version 0.04 contained an injection vulnerability. This vulnerability occurred because the labels function did not check for li...

CVSS 6.5 | AI score 5.3 | EPSS 0.00264
Exploits 0 | References 1

Positive Technologies
added 2026/06/10 12:0 a.m. | 17 views

PT-2026-48521

Name of the Vulnerable Software and Affected Versions: Metrics::Any::Adapter::SignalFx versions prior to 0.04. Description: The software does not protect against metric injections. The statsd protocol and its extensions, such as dogstatsd, allow multiple metrics separated by newlines to be sent with...

CVSS 6.5 | AI score 5.8 | EPSS 0.00264
Exploits 0 | References 8

Positive Technologies
added 2026/06/10 12:0 a.m. | 12 views

PT-2026-48392

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.7 | EPSS 0.002
Exploits 0 | References 9

Positive Technologies
added 2026/06/10 12:0 a.m. | 17 views

PT-2026-48399

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

CVSS 5.1 | AI score 5.5 | EPSS 0.00258
Exploits 0 | References 2

CVE
added 2026/06/09 10:49 p.m. | 31 views

CVE-2026-46433

CVE-2026-46433 affects lldpd (LLDP implementation). Prior to version 1.0.22, lldpd_decode() incorrectly shifts frame payload when removing 802.1Q VLAN tags, using a length calculation that causes a 4-byte heap OOB read if the frame size equals the interface MTU. This vulnerability is fixed in ver...

CVSS 6.5 | AI score 5.5 | EPSS 0.00225
Exploits 0 | References 4 | Affected Software 1

Snyk
added 2026/06/09 6:33 p.m. | 11 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...

CVSS 9.1 | AI score 5.3 | EPSS 0.00237
Exploits 0 | References 2

EUVD
added 2026/06/09 6:30 p.m. | 11 views

EUVD-2026-35478

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

AI score 5.4 | EPSS 0.00237
Exploits 0 | References 7

NVD
added 2026/06/09 5:17 p.m. | 9 views

CVE-2026-42567

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

CVSS 7.5 | EPSS 0.00421
Exploits 0 | References 2

NVD
added 2026/06/09 5:17 p.m. | 27 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

CVSS 9.1 | EPSS 0.00237
Exploits 0 | References 6

OSV
added 2026/06/09 5:17 p.m. | 7 views

ALPINE-CVE-2026-34182

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

CVSS 9.1 | AI score 5.4 | EPSS 0.00237
Exploits 0 | References 1

Vulnrichment
added 2026/06/09 4:22 p.m. | 8 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

CVSS 5.9 | AI score 5.4 | EPSS 0.00421
Exploits 0 | References 2

CVE
added 2026/06/09 4:22 p.m. | 21 views

CVE-2026-42567

CVE-2026-42567 affects Svelte runtimes from 5.51.5 up to 5.55.6, where an internal regex used during svelte:element tag validation can cause exponential-time processing (ReDoS) on certain tag names. The issue is triggered during the validation of , leading to significant CPU usage and potential...

CVSS 7.5 | AI score 5.3 | EPSS 0.00421
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/06/09 4:22 p.m. | 26 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

CVSS 5.9 | EPSS 0.00421
Exploits 0 | References 2

Vulnrichment
added 2026/06/09 4:3 p.m. | 13 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

AI score 5.7 | EPSS 0.0021
Exploits 0 | References 6

CVE
added 2026/06/09 4:3 p.m. | 70 views

CVE-2026-45446

CVE-2026-45446 concerns OpenSSL implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452). The root cause is that the expected authentication tag is computed only when the decryption function processes non-empty data; if a caller provides AAD and then invokes DecryptFinal without any ciphe...

CVSS 4.8 | AI score 5.7 | EPSS 0.0021
Exploits 0 | References 6 | Affected Software 1