Lucene search
K

33 matches found

Circl
Circl
added 2026/06/21 9:57 a.m.6 views

CVE-2026-12781

creationtimestamp| type| source ---|---|--- 2026-06-21 09:57:57+00:00| seen| https://bsky.app/profile/suriq.io/post/3mos4bpp2d52t 2026-06-21 12:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116787984752269342 2026-06-21 12:00:27+00:00| seen|...

8.5CVSS7.1AI score0.00112EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 2:35 p.m.25 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:35 p.m.12 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.7AI score0.00231EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.6 views

CVE-2026-28223

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area...

6.1CVSS5.6AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 6:56 p.m.4 views

CVE-2026-28223 Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area...

6.1CVSS5.6AI score0.00459EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

Wagtail 跨站脚本漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the confirmation messages in the Wagtail.contrib.simpletranslation module, which...

6.1CVSS5.8AI score0.00459EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/03/03 5:59 p.m.11 views

Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface

Impact A stored Cross-site Scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, cause...

6.1CVSS6AI score0.00459EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2025/10/13 5:29 p.m.10 views

CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

6.9CVSS0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.3 views

Vickey 安全漏洞

Vickey is a microblogging platform open-sourced by Whimsies YATeam. A security vulnerability exists in Vickey versions prior to 2025.10.0 that stems from an unexpired email confirmation link that can be reused, potentially resulting in verified email addresses receiving duplicate confirmation...

6.9CVSS6.6AI score0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-40588

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00955EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.7 views

CVE-2023-36644

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin...

7.5CVSS7AI score0.00955EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 1:49 a.m.10 views

CVE-2010-5140

wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service invalid-transaction flood by sending low-valued transactions without transaction fees...

5CVSS7AI score0.02301EPSS
Exploits0References1
Circl
Circl
added 2025/03/24 10:24 a.m.12 views

CVE-2025-30208

creationtimestamp| type| source ---|---|--- 2025-03-24 10:24:13+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w 2025-03-24 20:34:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ll5m6iaxgn2x 2025-03-24 20:54:47+00:00| seen|...

7.5CVSS6.6AI score0.74998EPSS
Exploits28References72
Circl
Circl
added 2025/01/06 6:26 p.m.12 views

CVE-2024-46209

creationtimestamp| type| source ---|---|--- 2025-01-06 18:26:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113782815498541746 2025-01-06 19:15:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3tu6u4c22f 2025-01-06 19:47:35+00:00| seen|...

5.4CVSS4.8AI score0.00403EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/11/27 12:0 a.m.5 views

PT-2024-35958 · Unknown · Sp-Php-Email-Handler

Name of the Vulnerable Software and Affected Versions: sp-php-email-handler versions prior to 1.0.0 Description: The sp-php-email-handler PHP package is vulnerable to abuse, allowing malicious actors to specify arbitrary email recipients and include user-provided content in confirmation emails...

8.7CVSS7.2AI score0.00451EPSS
Exploits0References9
OSV
OSV
added 2024/06/12 12:8 a.m.15 views

MAL-2024-1603 Malicious code in icon-reactjs (npm)

This package is considered malicious because it contains code to spam Telegram channels and Whatsapp channels with fake payment confirmations...

7.3AI score
Exploits0
NVD
NVD
added 2024/04/04 9:15 a.m.25 views

CVE-2023-36644

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin...

7.5CVSS7.5AI score0.00955EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/04/04 9:15 a.m.5 views

CVE-2023-36644

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin...

7.5CVSS5.8AI score0.00955EPSS
Exploits1References2
OSV
OSV
added 2024/04/04 9:15 a.m.8 views

CVE-2023-36644

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin...

5.3CVSS5.8AI score0.00955EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.11 views

PT-2024-12573 · Itb Gmbh · Itb-Gmbh Tradepro

Name of the Vulnerable Software and Affected Versions: ITB-GmbH TradePro version 9.5 Description: The issue allows remote attackers to bypass access controls and receive all order confirmations from the online shop via the printmail plugin. Recommendations: For ITB-GmbH TradePro version 9.5,...

7.5CVSS7.4AI score0.00955EPSS
Exploits1References4
Rows per page
Query Builder