Lucene search
K

3306 matches found

EUVD
EUVD
added 2026/05/05 7:48 p.m.6 views

EUVD-2026-27482

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS5.9AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:48 p.m.7 views

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS5.9AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...

9.3CVSS6AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 1:12 p.m.11 views

JLSEC-2026-394

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...

9.8CVSS6.8AI score0.06823EPSS
Exploits1References16
Cvelist
Cvelist
added 2026/05/02 9:26 a.m.36 views

CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

5.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 9:26 a.m.4 views

CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

5.4CVSS6AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 2:14 p.m.14 views

EUVD-2026-26555

In the Linux kernel, the following vulnerability has been resolved: vt: discard stale unicode buffer on alt screen exit after resize When enteraltscreen saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a subsequent console resize via vcdoresize skips reallocating the unicode...

6AI score0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/05/01 2:14 p.m.11 views

CVE-2026-31742

The CVE-2026-31742 issue affects the Linux kernel’s virtual terminal (vt) handling of alternate screen mode. When entering alt screen, vc_uni_lines is saved to vc_saved_uni_lines and vc_uni_lines is set to NULL. A subsequent console resize can skip reallocating the unicode buffer because vc_uni_l...

7.8CVSS6AI score0.00127EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.7 views

WordPress Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) plugin <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Auto Image Alt Text Alt tag, Alt attribute optimization image SEO + Woocommerce versions = 2.1.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.9 views

WordPress Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Alt Manager versions = 1.6.3...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/24 5:29 a.m.18 views

CVE-2026-5428

The CVE concerns the Royal Elementor Addons for WordPress (Image Grid/Slider/Carousel widget) with versions ≤ 1.7.1056. The root cause is insufficient output escaping in render_post_thumbnail(), where wp_kses_post() is used for the alt attribute context instead of escaping, enabling Stored Cross-...

6.4CVSS5.9AI score0.00264EPSS
Exploits0References6
NVD
NVD
added 2026/04/24 4:16 a.m.8 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:57 a.m.6 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/24 2:57 a.m.6 views

EUVD-2026-25387

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

AnythingLLM 跨站脚本漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...

5.4CVSS5.6AI score0.00195EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-34844

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References4
OSV
OSV
added 2026/04/03 5:54 p.m.9 views

CLSA-2026-1775238894 Update of alt-php

Bump ABI 5.4.0-226...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of...

5.9CVSS5.9AI score0.00158EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3350

The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitization and output escaping when dynamically generating image alt and title attributes using a DOM...

6.4CVSS6AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.6 views

CVE-2026-0609

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-slider' shortcode...

6.4CVSS6AI score0.00156EPSS
Exploits0References1
Rows per page
Query Builder