Lucene search
K

880 matches found

vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.8 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.106 views

📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/08 7:57 a.m.8 views

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/07 9:30 a.m.6 views

EUVD-2026-10132

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/03/07 8:16 a.m.5 views

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00159EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 7:22 a.m.3 views

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/03/07 7:22 a.m.14 views

CVE-2026-1820

The CVE CVE-2026-1820 concerns the WordPress plugin Media Library Alt Text Editor, vulnerable to an authenticated Stored Cross-Site Scripting (XSS) via shortcode attributes (notably post_id and bvmalt_sc_div_update_alt_text) in versions up to 1.0.0. The issue arises from insufficient input saniti...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 7:22 a.m.2 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/07 7:22 a.m.34 views

CVE-2026-1820 Media Library Alt Text Editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00159EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/07 2:6 a.m.8 views

WordPress Media Library Alt Text Editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'postid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Media Library Alt Text Editor versions = 1.0.0...

6.4CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.5 views

WordPress plugin Media Library Alt Text Editor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00159EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/03/06 12:0 a.m.6 views

The vulnerability of the Vim text editor arises from the possibility of an operation going beyond the buffer boundaries into memory, allowing an attacker to compromise the integrity of the protected information.

The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...

2.2CVSS6.1AI score0.00142EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/03/06 12:0 a.m.1 views

The vulnerability of the Vim text editor, related to reading beyond the buffer in memory, allows attackers to compromise the accessibility of the protected information.

The vulnerability of the Vim text editor is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the accessibility of the protected information...

5.5CVSS6.2AI score0.0022EPSS
Exploits0References12Affected Software7
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled wi...

7.8CVSS6.3AI score0.01162EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 9:54 p.m.7 views

EUVD-2026-9085

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

4.4CVSS6.1AI score0.01162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/12 7:33 a.m.7 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

8.8CVSS5.5AI score0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 9:16 p.m.8 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

CIPPlanner CIPAce 安全漏洞

CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities stemmed from the rich text editor and document...

8.8CVSS6AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.25 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-7656

Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description The software contains flaws related to unrestricted file uploads with dangerous file types in the rich text editor and document management components. A user with authorization can upload...

8.8CVSS5.5AI score0.00289EPSS
Exploits0References5
Rows per page
Query Builder