Lucene search
K

9 matches found

CVE
CVE
added 3 days ago19 views

CVE-2026-12154

The CVE concerns the WordPress plugin Reviews Widgets for Google, Yelp & TripAdvisor (fb-reviews-widget)

6.4CVSS6AI score0.00193EPSS
Exploits0References5
OSV
OSV
added last week3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
OSV
OSV
added last week4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 4:17 a.m.8 views

CVE-2026-40096

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.4CVSS0.00206EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 11:54 p.m.38 views

CVE-2026-40096

Immich (self-hosted photo/video manager) contains an open redirect in rendering via the shared album name in API code (api.service.ts) affecting versions prior to 2.7.3. An attacker can craft a shared album name that injects a URL into a meta refresh, causing a victim opening the shared link to ...

5.4CVSS5.6AI score0.00206EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/14 11:54 p.m.11 views

EUVD-2026-22816

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.1CVSS5.6AI score0.00206EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-68031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through = 2.7.3...

7.1CVSS5.5AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/28 12:0 a.m.1 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

2.9CVSS6.4AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45436

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.7.3 Description A relative path traversal issue exists in QuMagie. A remote attacker may be able to read the contents of unexpected files or system data by exploiting this issue. Recommendations Update to QuMagie...

7.8CVSS6.6AI score0.00483EPSS
Exploits0References3
Rows per page
Query Builder