Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 6:42 p.m.4 views

CVE-2026-33685

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...

5.3CVSS5.8AI score0.00315EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.25 views

CVE-2026-2022 Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure

The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednaosmartformsgetcampaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.5 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS6.3AI score0.0018EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/20 9:30 p.m.3 views

EUVD-2025-198334

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS6.2AI score0.0018EPSS
Exploits1References2
NVD
NVD
added 2025/11/20 7:16 p.m.8 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS0.0018EPSS
Exploits1References1
OSV
OSV
added 2025/11/20 7:16 p.m.6 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS5.8AI score0.0018EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/20 7:7 p.m.7 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS5.8AI score0.0018EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/20 7:7 p.m.11 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS0.0018EPSS
Exploits1References1
CVE
CVE
added 2025/11/20 7:7 p.m.13 views

CVE-2025-55126

Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...

6.5CVSS5.8AI score0.0018EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.6 views

PT-2025-47624

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS6.2AI score0.0018EPSS
Exploits1References2
Rows per page
Query Builder