Lucene search
+L

1251 matches found

nvd
nvd
added 2 days ago4 views

CVE-2026-48349

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed...

8.1CVSS0.00192EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-48347

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

7.7CVSS0.00675EPSS
Exploits0References1
cve
cve
added 2 days ago7 views

CVE-2026-48346

Summary (CVE-2026-48346): Animate is affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The affected scope has changed. The CVSS vector indi...

7.9CVSS6.5AI score0.00187EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2 days ago38 views

CVE-2026-48346 Animate | Untrusted Search Path (CWE-426)

Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...

7.9CVSS0.00187EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-48345

Technical details are not publicly available in the provided documents. Monitor for updates.

8.2CVSS6.5AI score0.00888EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2 days ago36 views

CVE-2026-48347 Animate | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

7.7CVSS0.00675EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago35 views

CVE-2026-48349 Animate | Incorrect Authorization (CWE-863)

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed...

8.1CVSS0.00192EPSS
Exploits0References1
cve
cve
added 2 days ago10 views

CVE-2026-48347

Animate is affected by an OS Command Injection (CWE-78) due to improper neutralization of special elements in an input that is used in an OS command. This can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malici...

7.7CVSS6.5AI score0.00675EPSS
Exploits0References1Affected Software1
cve
cve
added 2 days ago6 views

CVE-2026-48349

CVE-2026-48349 (Animate) is an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction, but depends on conditions beyond the attacker’s control. The CVSSv3.1 base score is 8.1 (HIG...

8.1CVSS6.5AI score0.00192EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2 days ago38 views

CVE-2026-48348 Animate | Incorrect Authorization (CWE-863)

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

7.7CVSS0.00166EPSS
Exploits0References1
cve
cve
added 2 days ago9 views

CVE-2026-48348

Animate is affected by an Incorrect Authorization (CWE-863) vulnerability that could lead to arbitrary code execution in the context of the current user. The exploit depends on conditions beyond the attacker’s control and requires user interaction (the victim must open a malicious file). The CVE ...

7.7CVSS6.5AI score0.00166EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2 days ago39 views

CVE-2026-48350 Animate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to access sensitive files or directories outside the...

8.6CVSS0.00193EPSS
Exploits0References1
nessus
nessus
added 2 days ago5 views

Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path...

8.6CVSS6.5AI score0.00888EPSS
Exploits0References7
nessus
nessus
added 2 days ago5 views

Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)

The version of Adobe Animate installed on the remote Windows host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal...

8.6CVSS6.5AI score0.00888EPSS
Exploits0References7
ossf
ossf
added 2026/07/09 3:28 p.m.9 views

Malicious code in tailwind-animate-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd43366b04ea80c2244079c09602623af157ce00cba9ae1837005b97ffe44bdb The package presents itself as a Tailwind CSS animation plugin and reproduces the legitimate tailwindcss-animate source including its original author...

6.2AI score
Exploits0References5
ubuntu
ubuntu
added 2026/06/30 8:41 a.m.8 views

USN-8482-1: Roundcube Webmail vulnerability

It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document. An attacker could use this issue to execute arbitrary web script in the context of an affected user's session...

7.2CVSS7.5AI score0.19769EPSS
Exploits1
susecve
susecve
added 2026/05/27 10:56 a.m.13 views

SUSE CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References3
nvd
nvd
added 2026/05/27 7:16 a.m.24 views

CVE-2026-8872

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS0.00193EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/27 5:31 a.m.8 views

CVE-2026-8872 Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
euvd
euvd
added 2026/05/27 5:31 a.m.13 views

EUVD-2026-32074

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder