32 matches found

CVE
added 2026/02/19 7:10 p.m. | 14 views

CVE-2026-26192

Open WebUI (self-hosted offline) before v0.7.0 allows stored XSS via a crafted document payload by modifying chat history to set html in document metadata; the frontend treats contents as HTML and renders in an iframe during citation preview or shared chat view. Version 0.7.0 fixes the issue. No ...

7.3 CVSS | 5.6 AI score | 0.00194 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/02/19 7:10 p.m. | 28 views

CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

7.3 CVSS | 0.00194 EPSS
Exploits 1 | References 2
RedhatCVE
added 2026/02/15 7:10 a.m. | 11 views

CVE-2026-1912

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS | 5.7 AI score | 0.00152 EPSS
Exploits 0 | References 1
NVD
added 2026/02/14 5:16 a.m. | 13 views

CVE-2026-1912

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS | 0.00152 EPSS
Exploits 0 | References 2
CVE
added 2026/02/14 4:35 a.m. | 14 views

CVE-2026-1912

CVE-2026-1912 concerns the WordPress plugin Citations tools, affected in all versions up to 0.3.2. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the shortcodes/ctdoi code attribute, caused by insufficient input sanitization and output escaping on user-supplied attributes. Ex...

6.4 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits 0 | References 2
Cvelist
added 2026/02/14 4:35 a.m. | 31 views

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS | 0.00152 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/02/14 4:35 a.m. | 4 views

CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS | 5.7 AI score | 0.00152 EPSS
Exploits 0 | References 2
CNNVD
added 2026/02/14 12:0 a.m. | 10 views

WordPress plugin Citations tools cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS | 5.6 AI score | 0.00152 EPSS
Exploits 0 | References 2
Patchstack
added 2026/02/13 10:4 p.m. | 11 views

WordPress Citations tools plugin <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Citations tools versions <= 0.3.2...

6.4 CVSS | 5.4 AI score | 0.00152 EPSS
Exploits 0 | References 1 | Affected Software 1
Fedora
added 2025/08/15 1:4 a.m. | 7 views

[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42

Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2); ...

3.7 CVSS | 7.1 AI score | 0.00632 EPSS
Exploits 1
Circl
added 2025/04/27 2:8 a.m. | 7 views

CVE-2025-46579

creationtimestamp | type | source
--- | --- | ---
2025-04-27 02:08:56+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13595
2025-04-27 03:35:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2ztzwq24
2025-04-27 03:48:44+00:00 | seen | ...

8.4 CVSS | 4.8 AI score | 0.00262 EPSS
Exploits 0 | References 5
Schneier on Security
added 2024/07/15 5:13 p.m. | 12 views

Hacking Scientific Citations

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors' names, publication year, journal or conference name, and page numbers of the...

7.1 AI score
Exploits 0
Microsoft CVE
added 2024/04/15 7:0 a.m. | 3 views

github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations

...

7.5 CVSS | 7 AI score | 0.01042 EPSS
Exploits 1
Fedora
added 2024/03/30 1:9 a.m. | 48 views

[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39

Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2); ...

6.3 CVSS | 5.8 AI score | 0.00349 EPSS
Exploits 1
Circl
added 2024/02/05 3:26 p.m. | 9 views

CVE-2024-23108

creationtimestamp | type | source
--- | --- | ---
2024-02-05 15:26:28+00:00 | seen | https://t.me/ctinow/179262
2024-02-07 14:20:05+00:00 | seen | https://t.me/truesecator/5386
2024-02-08 12:16:36+00:00 | seen | https://t.me/itsecnews/4092
2024-02-08 16:26:19+00:00 | seen | https://t.me/kasperskyb2b/1130
...

10 CVSS | 7.5 AI score | 0.78375 EPSS
Exploits 2 | References 18
Vulnrichment
added 2023/09/22 4:55 p.m. | 9 views

CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses...

7.5 CVSS | 6.5 AI score | 0.01042 EPSS
Exploits 1 | References 3
Cvelist
added 2023/09/22 4:55 p.m. | 23 views

CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses...

7.5 CVSS | 7.5 AI score | 0.01042 EPSS
Exploits 1 | References 3
ThreatPost
added 2021/06/24 1:14 p.m. | 59 views

Tulsa’s Police-Citation Data Leaked by Conti Gang

The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...

6.7 AI score
Exploits 0 | References 11
Fedora
added 2020/09/29 12:17 a.m. | 25 views

[SECURITY] Fedora 33 Update: pandoc-citeproc-0.17.0.1-3.fc33

The pandoc-citeproc library supports automatic generation of citations and a bibliography in pandoc documents using the Citation Style Language (CSL) macro language. More details on CSL can be found at . In addition to a library, the package includes an executable, pandoc-citeproc, which works as...

6.5 CVSS | 0.3 AI score | 0.01566 EPSS
Exploits 0
CVE
added 2020/01/25 6:53 p.m. | 102 views

CVE-2013-1744

Technical details are not publicly provided in the supplied documents; monitor for updates. Current descriptions indicate a remote command execution vulnerability in IRIS citations management tool up to version 1.3, with no further specifics in the connected sources.

9.8 CVSS | 9.6 AI score | 0.05131 EPSS
Exploits 1 | References 1 | Affected Software 1