Lucene search
+L

239 matches found

NVD
NVD
added 2 days ago10 views

CVE-2026-15652

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00197EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44861

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score0.00197EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15652

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score0.00197EPSS
Exploits0References6
CVE
CVE
added 2 days ago8 views

CVE-2026-15652

The CVE-2026-15652 affects the WordPress plugin Easy Accordion – AI-Powered FAQ & Accordion Blocks. It allows Stored Cross-Site Scripting via the 'align' Block Attribute in all versions up to 3.1.6 due to insufficient input sanitization and output escaping. Exploitation requires authenticated acc...

6.4CVSS6.2AI score0.00197EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15652 Easy Accordion <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Block Attribute

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00197EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.12 views

Malicious code in rnx-align-deps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fd85779926afc494fd03f154fa151e30ee831b5aa8f260e01b29ee8f7a676d5 No a static rule matches and no behavioral findings were produced for this package version. There is no evidence of credential access, network...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.8 views

MAL-2026-6940 Malicious code in rnx-align-deps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fd85779926afc494fd03f154fa151e30ee831b5aa8f260e01b29ee8f7a676d5 No a static rule matches and no behavioral findings were produced for this package version. There is no evidence of credential access, network...

6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.10 views

CVE-2026-12135

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoplayer' shortcode 'align' attribute in all versions up to, and including, 7.5.51.7212 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS0.00205EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40899

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoplayer' shortcode 'align' attribute in all versions up to, and including, 7.5.51.7212 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-46281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d mm/vmalloc: allow to s...

7.8CVSS5.5AI score0.0014EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.13 views

SUSE CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

5.5CVSS5.8AI score0.0014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 8:4 p.m.13 views

CVE-2026-46281

A flaw was found in the Linux kernel. When shrinking a vmalloc allocation using the vreallocnodealign function, if the requested new size is smaller than the old size, an out-of-bounds write can occur. This memory corruption vulnerability could allow a local attacker to cause a denial of service ...

7.8CVSS5.5AI score0.0014EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

7.8CVSS0.0014EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 5:16 p.m.9 views

UBUNTU-CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

7.8CVSS5.7AI score0.0014EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/08 3:41 p.m.14 views

EUVD-2026-35146

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

5.8AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a buffer overflow in the vreallocnode Align function, potentially leading to memory corruption...

7.8CVSS5.8AI score0.0014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4025

The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...

6.4CVSS5.7AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.13 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 a.m.20 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00181EPSS
Exploits0References3
Rows per page
Query Builder