Lucene search
K

17 matches found

NVD
NVD
added 2026/06/25 4:16 p.m.5 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:26 p.m.6 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw...

3.4CVSS5.9AI score0.00167EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:26 p.m.33 views

CVE-2026-48940 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

0.00167EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

WordPress plugin Avada 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.3CVSS5.7AI score0.001EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.8 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

8.8CVSS5.9AI score0.00695EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/10 10:18 p.m.5 views

CVE-2025-58365

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...

8.7CVSS7.9AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.4 views

WordPress Plugin Auto Featured Image 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

8.8CVSS8.2AI score0.01645EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.7 views

PT-2023-20665 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.10 through 14.4.6 XWiki Platform versions 13.10 through 13.10.10 XWiki Platform versions 14.0 through 14.4.6 Description: The issue allows an attacker to use the rights of an existing document content author to...

9.9CVSS8.7AI score0.00787EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.4 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS6.6AI score0.00854EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.5 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS7.4AI score0.0092EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.5 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS6.6AI score0.00911EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.3 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS6.6AI score0.00854EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.6 views

WordPress Plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.9CVSS5.5AI score0.00852EPSS
Exploits2References3
OSV
OSV
added 2022/03/25 7:15 p.m.4 views

CVE-2022-25612

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

5.4CVSS5.8AI score0.00549EPSS
Exploits0References2
CNVD
CNVD
added 2021/11/10 12:0 a.m.18 views

WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101476)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3CVSS2AI score0.00654EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.6 views

WordPress 插件访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

4.3CVSS5.7AI score0.00654EPSS
Exploits2References2
OSV
OSV
added 2021/03/23 10:47 p.m.23 views

GHSA-V662-XPCC-9XF6 It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro

Impact The wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro very often a user which has Programming rights...

7.7CVSS6.3AI score0.00459EPSS
Exploits0References3
Rows per page
Query Builder