Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:11 a.m.14 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.

Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00847EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/05 8:9 p.m.57 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00191EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 8:9 p.m.24 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00191EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/28 3:18 p.m.9 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions TinyMCE versions 6.8.0 through 7.0.x Description An XSS Cross-Site Scripting issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

8.7CVSS6AI score0.00191EPSS
Exploits0References5
NVD
NVD
added 2026/04/07 6:16 p.m.3 views

CVE-2026-39343

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...

7.2CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 6:16 p.m.6 views

CVE-2026-39334

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

8.8CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 6:16 p.m.8 views

CVE-2026-39328

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, an...

8.9CVSS0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:5 p.m.5 views

CVE-2026-39319 ChurchCRM has a Second Order SQLI via FundRaiserEditor.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...

8.8CVSS6AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:2 p.m.3 views

CVE-2026-39342 ChurchCRM has a SQL injection searchwhat parameter via QueryView.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 6:0 p.m.8 views

EUVD-2026-19841

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...

8.1CVSS5.9AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 5:58 p.m.9 views

EUVD-2026-19839

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...

9.1CVSS5.9AI score0.01351EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 5:34 p.m.4 views

EUVD-2026-19825

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...

8.8CVSS6AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 3:49 p.m.15 views

CVE-2026-35567

...

0.00047EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/02 3:10 p.m.4 views

CVE-2025-15395 IBM Jazz Foundation access control violation

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2026-22784

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected...

4.3CVSS7AI score0.00233EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4945

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.1AI score0.00491EPSS
Exploits0References1
OSV
OSV
added 2025/07/15 8:15 p.m.4 views

UBUNTU-CVE-2025-53028

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

8.2CVSS5.8AI score0.00233EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/03/19 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

9.8CVSS6.2AI score0.02687EPSS
Exploits0References1
OSV
OSV
added 2020/03/31 3:15 p.m.2 views

CVE-2020-4238

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411...

8.8CVSS6AI score0.00518EPSS
Exploits0References2
Rows per page
Query Builder