107423 matches found
EUVD-2026-33913
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or an SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2026-3514
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 09:33:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mncc22cyky27 |
| 2026-06-04 09:01:06+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnhb6gfwns2p... |
CVE-2026-9723
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...
CVE-2026-8422
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 09:03:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mncaerqbej2j... |
CVE-2026-34907
CVE-2026-34907 describes a Reflected Cross‑Site Scripting (XSS) vulnerability in Wirtualna Uczelnia caused by insecure handling of the locale parameter across multiple endpoints. An attacker can craft a URL with JavaScript in the locale parameter; when a victim opens the link, the injected script...
CERTFR-2026-ACT-024
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 08:18:23+00:00 | seen | https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mnc5u7bels2o |
| 2026-06-08 13:44:39+00:00 | seen | https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mnrsv5au222s... |
CVE-2026-9730
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...
CVE-2026-9730 Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...
CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...
EUVD-2026-33885
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-10550
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 05:29:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnbugo7d5i22... |
CVE-2026-10559
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 04:57:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnbsn652oo2v... |
CVE-2026-24752
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 01:04:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnbfiigx7k2q... |
CVE-2026-25259
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 00:56:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnbf6nbyf72l... |
CVE-2026-24753
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-02 00:49:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnber3hl3l2w... |
PT-2026-45682
Cross-Site Scripting (XSS) in the GeniexWebView component of the Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle), all versions on Android, allows a remote attacker to execute arbitrary JavaScript in the WebView context via crafted web action data URL parameter...
PT-2026-45723
Name of the Vulnerable Software and Affected Versions: Wirtualna Uczelnia versions prior to wu2016.437.295020260327 105545
Description: Server-Side Template Injection (SSTI) occurs when an unauthenticated attacker injects arbitrary template expressions into the server, which are then executed. This...
PT-2026-45737
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or an SMB connection to attacker infrastructure and to conduct SSRF Server Side...
PT-2026-45866
Name of the Vulnerable Software and Affected Versions: ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e
Description: An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...