Lucene search
+L

149 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23147

Name of the Vulnerable Software and Affected Versions Theater for WordPress versions prior to 0.19 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...

5.8AI score0.00211EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 2:16 a.m.6 views

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

9.8CVSS5.3AI score0.00367EPSS
Exploits0References3
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-60183

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.9CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 7:10 p.m.36 views

CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

7.3CVSS0.00194EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

WordPress plugin iXML 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.8AI score0.00255EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/16 11:57 a.m.7 views

WordPress Link Whisper Free plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Link Whisper Free versions = 0.9.1...

7.1CVSS5.2AI score0.0018EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/02/14 4:35 a.m.25 views

CVE-2026-1754 personal-authors-category <= 0.3 - Reflected Cross-Site Scripting

The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 8:16 p.m.16 views

CVE-2024-26479

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...

5.3CVSS0.00534EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.26 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

0.00841EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.8 views

SUSE CVE-2026-23742

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

8.8CVSS5.4AI score0.00473EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/06 5:32 a.m.5 views

CVE-2026-1991

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

5.5CVSS3.9AI score0.0018EPSS
Exploits1
NVD
NVD
added 2026/01/30 11:16 p.m.5 views

CVE-2020-37035

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive...

8.8CVSS0.00362EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/30 3:24 a.m.11 views

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

6.2CVSS5.9AI score0.00145EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/27 11:34 p.m.35 views

CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

6.5CVSS0.00295EPSS
Exploits2References3
Snyk
Snyk
added 2026/01/27 10:13 p.m.3 views

Missing Authorization

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Missing Authorization via the edit endpoint in the content management feature. An attacker can gain unauthorized access to draft conte...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References3
OSV
OSV
added 2026/01/27 9:11 p.m.8 views

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

8.1CVSS5.9AI score0.00408EPSS
Exploits1References4
OSV
OSV
added 2026/01/26 9:28 p.m.7 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 2:6 a.m.5 views

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1CVSS5.5AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01 as a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data falsification vulnerability. This vulnerability stemmed from a malleability flaw in the SM2 signature verification logic, which could allow the generation of ne...

7.5CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 9:16 p.m.8 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00607EPSS
Exploits1References2
Rows per page
Query Builder