Lucene search
K

157 matches found

Nuclei
Nuclei
added 14 hours ago67 views

Combo Blocks < 2.2.76 - Improper Access Control

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts id:...

5.4CVSS6.1AI score0.16906EPSS
Exploits2References3
vulnersOsv
vulnersOsv
added 2026/03/26 6:0 p.m.13 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-CP57-FQ8G-QH6V...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 5:58 p.m.6 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XRF2-5R3P-5WGJ...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 12:0 p.m.10 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0076...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 12:0 p.m.15 views

libcrux-digest (>=0.0.4 <=0.0.7-rc.1), libcrux-kem (>=0.0.2 <=0.0.2-beta.3) +7 more potentially affected by unknown CVE via libcrux-sha3 (>=0.0.2-beta.3 <=0.0.8-rc.1)

libcrux-sha3 CARGO version =0.0.2-beta.3, =0.0.4, =0.0.2, =0.0.3, =0.0.2-alpha.1, =0.0.2-alpha.3 - libcrux-psq =0.0.2-beta.3 - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 - wpa-next =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0074...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/02/02 7:56 p.m.5 views

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin = 2.2.80 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

6.4CVSS5.3AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:11 a.m.9 views

WordPress Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Block Attribute vulnerability discovered by stealthcopter in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...

6.4CVSS5.2AI score0.00263EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.4 views

CVE-2025-69088

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through = 4.2...

6.5CVSS6.4AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.4 views

EUVD-2025-205709

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through = 4.2...

5.9AI score0.00135EPSS
Exploits0References2
NVD
NVD
added 2025/12/30 11:16 a.m.6 views

CVE-2025-69088

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through = 4.2...

6.5CVSS0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/30 10:47 a.m.2 views

CVE-2025-69088 WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through = 4.2...

6.5CVSS6AI score0.00135EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 10:47 a.m.11 views

CVE-2025-69088

CVE-2025-69088 affects the Combo Offers WooCommerce plugin (

6.5CVSS6AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/30 10:47 a.m.28 views

CVE-2025-69088 WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through = 4.2...

6.5CVSS0.00135EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/30 12:30 a.m.6 views

WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Combo Offers WooCommerce versions = 4.2...

6.5CVSS6.1AI score0.00135EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.6 views

PT-2025-53916

Name of the Vulnerable Software and Affected Versions Vidish Combo Offers WooCommerce versions through 4.2 Description The software contains a flaw related to improper input handling during web page creation, specifically a DOM-Based Cross-site Scripting issue. This allows for the execution of...

6.4AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

WordPress plugin Combo Offers WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS5.7AI score0.00135EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/19 3:31 a.m.10 views

Path Traversal

Liferay Portal is vulnerable to path traversal. The vulnerability is due to improper validation of query strings in the ComboServlet, which allows an attacker to access arbitrary CSS/JS files and repeatedly load them to exploit the system...

8.2CVSS7.1AI score0.00464EPSS
Exploits0References7Affected Software2
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.9AI score0.00508EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 11:15 p.m.7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS0.00508EPSS
Exploits0References1
OSV
OSV
added 2025/10/23 11:15 p.m.7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder