Lucene search
+L

708 matches found

cvelist
cvelist
added 2026/03/20 8:25 a.m.33 views

CVE-2026-2432 CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS0.00244EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/03/20 8:25 a.m.2 views

CVE-2026-2432

The CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.11 views

WordPress plugin CM Custom Reports 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References4
euvd
euvd
added 2026/03/07 3:30 a.m.7 views

EUVD-2026-10100

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References4
nvd
nvd
added 2026/03/07 2:16 a.m.5 views

CVE-2026-2431

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00223EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.7 views

WordPress plugin CM Custom Reports 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References4
nessus
nessus
added 2026/03/05 12:0 a.m.10 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005793)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005793 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/riocm.c: prevent possible heap overwrite In riocmcdevioctlRIOCMCHANSEND -...

5.5CVSS6.8AI score0.0015EPSS
Exploits0References4
ossf
ossf
added 2026/03/03 6:38 a.m.8 views

Malicious code in demo-ip-package-cm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 756fbc97ea8b65830898805513bede65c955e6ae300a4d19574e984d17615b37 The package demo-ip-package-cm was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
osv
osv
added 2026/03/03 6:38 a.m.6 views

MAL-2026-1197 Malicious code in demo-ip-package-cm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 756fbc97ea8b65830898805513bede65c955e6ae300a4d19574e984d17615b37 The package demo-ip-package-cm was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
redhatcve
redhatcve
added 2026/02/20 1:27 p.m.8 views

CVE-2026-25004

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS5.5AI score0.00226EPSS
Exploits0References1
redos
redos
added 2026/02/20 12:0 a.m.11 views

ROS-20260220-73-0029

A vulnerability in the EXPORTSYMBOL, destroycmid and cmworkhandler functions drivers/infiniband/core/iwcm.c of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

7.8CVSS5.5AI score0.00154EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS5.9AI score0.00226EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.10 views

WordPress plugin CM Business Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00226EPSS
Exploits0References1
ibm
ibm
added 2026/02/18 1:56 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-33142)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.5AI score0.0027EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2026/02/10 7:33 a.m.6 views

CVE-2026-2236

C@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.3AI score0.0041EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/10 7:33 a.m.7 views

CVE-2026-2235

C@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS6.3AI score0.00272EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/09 7:20 a.m.35 views

CVE-2026-2236 HGiga|C&Cm@il - SQL Injection

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.0041EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/09 7:17 a.m.5 views

CVE-2026-2235 HGiga|C&Cm@il - SQL Injection

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS6.3AI score0.00272EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/09 7:17 a.m.3 views

CVE-2026-2235

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS6.3AI score0.00272EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/09 7:9 a.m.4 views

CVE-2026-2234

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...

9.3CVSS5.5AI score0.00449EPSS
Exploits0References3
Rows per page
Query Builder