Lucene search
K

6 matches found

Cvelist
Cvelist
added yesterday5 views

CVE-2026-57712 WordPress WPZOOM Portfolio plugin <= 1.4.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Portfolio wpzoom-portfolio allows Reflected XSS.This issue affects WPZOOM Portfolio: from n/a through = 1.4.29...

7.1CVSS0.00251EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago4 views

WordPress WPZOOM Portfolio plugin <= 1.4.29 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Thaer Assfour in WordPress Plugin WPZOOM Portfolio versions = 1.4.29...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added 6 days ago7 views

CVE-2026-56669

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS0.00358EPSS
Exploits0References4
CVE
CVE
added 6 days ago9 views

CVE-2026-56669

Elysia (a TypeScript framework for request validation, type inference, OpenAPI docs, and client-server communication) contains a vulnerability (CVE-2026-56669) caused by using getAll in form data normalization for multipart/form-data endpoints prior to 1.4.29. This leads to quadratic growth in wo...

7.5CVSS6AI score0.00358EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/23 8:53 a.m.8 views

WordPress WowOptin: Next-Gen Popup Maker plugin <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability

Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WowOptin versions = 1.4.29...

7.2CVSS5.8AI score0.00299EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.11 views

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...

8.1CVSS6.8AI score0.0055EPSS
Exploits1References2
Rows per page
Query Builder