Lucene search
K

152 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Anti-Spam by CleanTalk 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.2AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 2:28 a.m.7 views

CVE-2026-7556 FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/09 2:28 a.m.11 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00241EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44906

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description An issue exists where server-side FTP account handlers do not enforce the system.available shells whitelist when processing add or edit requests. This allows an authenticated customer with shell...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.10 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.7AI score0.00631EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.23 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/29 3:30 p.m.5 views

GHSA-P334-GFHQ-C7W6 Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References3
NVD
NVD
added 2026/04/29 2:16 p.m.71 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.92 views

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35913

A missing permission check in Jenkins Script Security Plugin 1399.ve6a 66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

4.3CVSS5.2AI score0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/10 1:24 a.m.1 views

CVE-2026-4664 Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the createreviewpermissionscheck function comparing the user-supplied key parameter against the order's ivolesecretkey meta value using...

5.3CVSS5.7AI score0.00673EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.33 views

PT-2026-31850

Name of the Vulnerable Software and Affected Versions Customer Reviews for WooCommerce plugin for WordPress versions up to and including 5.103.0 Description The Customer Reviews for WooCommerce plugin for WordPress is susceptible to authentication bypass. This occurs because the create review...

5.3CVSS5.7AI score0.00673EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.3 views

CVE-2026-35208

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.4CVSS6AI score0.00299EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/07 6:15 p.m.5 views

Improper Handling of Case Sensitivity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to inconsistent normalization of environment override keys between approval binding and execution time. An attacker can inject unauthorized...

7.6CVSS6AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 9:16 p.m.6 views

CVE-2026-35208

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.4CVSS0.00299EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/06 8:6 p.m.3 views

CVE-2026-35208 lichess.org has an Unsanitized Stream Title Injection on /streamer

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.3CVSS6AI score0.00299EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/06 8:6 p.m.4 views

EUVD-2026-19476

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.3CVSS6AI score0.00299EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/06 8:6 p.m.17 views

CVE-2026-35208 lichess.org has an Unsanitized Stream Title Injection on /streamer

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.3CVSS0.00299EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/06 7:44 p.m.10 views

EUVD-2026-19472

SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...

6.1CVSS6.1AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

lila 安全漏洞

Lila is an ad-free and open-source chess server developed by Lichess. Lila has a security vulnerability that stems from allowing approved hosts to inject arbitrary HTML, which may lead to server-side HTML injection attacks...

5.4CVSS5.9AI score0.00299EPSS
Exploits1References4
Rows per page
Query Builder