Lucene search
K

100 matches found

EUVD
EUVD
โ€ขadded 5 days agoโ€ข6 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2026/06/29 4:53 p.m.โ€ข6 views

Malicious code in @content-editor/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2026/06/29 4:53 p.m.โ€ข10 views

Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
โ€ขadded 2026/06/29 4:53 p.m.โ€ข10 views

MAL-2026-6607 Malicious code in @content-editor/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
โ€ขadded 2026/06/29 4:53 p.m.โ€ข9 views

MAL-2026-6608 Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
โ€ขadded 2026/06/18 12:0 a.m.โ€ข10 views

Joomla! Extension 'JCE' < 2.9.99.5 Remote Code Execution

The version of the JCE Joomla Content Editor extension for the Joomla! application running on the remote host is prior to 2.9.99.5. It is, therefore, affected by an improper access control vulnerability. The extension allows the creation of new editor profiles for unauthenticated users, ultimatel...

10CVSS6.3AI score0.80425EPSS
Exploits19References3
CISA
CISA
โ€ขadded 2026/06/16 12:0 p.m.โ€ข8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48907link is external Widget Factory Joomla Content Editor Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for...

10CVSS5.5AI score0.80425EPSS
In wildExploits19References7
CISA KEV Catalog
CISA KEV Catalog
โ€ขadded 2026/06/16 12:0 a.m.โ€ข17 views

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users...

10CVSS5.6AI score0.80425EPSS
In wildExploits19
GithubExploit
GithubExploit
โ€ขadded 2026/06/12 9:22 a.m.โ€ข136 views

Exploit for CVE-2026-48907

๐Ÿšจ CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated...

10CVSS6AI score0.80425EPSS
Exploits19
GithubExploit
GithubExploit
โ€ขadded 2026/06/12 8:12 a.m.โ€ข97 views

JoomlaSniper

JoomlaSniper CVE-2026-48907 โ€” Joomla JCE Editor Unauthen...

10CVSS6.7AI score0.80425EPSS
Exploits19
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/05 7:42 p.m.โ€ข9 views

CVE-2025-15369

The Xpro Addons โ€” 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.5AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/06/05 7:31 a.m.โ€ข81 views

CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS0.80425EPSS
Exploits19References1
Vulnrichment
Vulnrichment
โ€ขadded 2026/06/05 7:31 a.m.โ€ข18 views

CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits19References1
NVD
NVD
โ€ขadded 2026/05/20 4:16 a.m.โ€ข15 views

CVE-2025-15369

The Xpro Addons โ€” 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS0.00248EPSS
Exploits0References2
CVE
CVE
โ€ขadded 2026/05/20 2:27 a.m.โ€ข20 views

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons โ€” 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/05/20 2:27 a.m.โ€ข8 views

CVE-2025-15369

The Xpro Addons โ€” 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References3
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/20 2:27 a.m.โ€ข9 views

CVE-2025-15369 Xpro Addons โ€” 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons โ€” 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
โ€ขadded 2026/05/20 12:0 a.m.โ€ข10 views

WordPress plugin Xpro Addons โ€” 140+ Widgets for Elementor ๅฎ‰ๅ…จๆผๆดž

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
โ€ขadded 2026/05/20 12:0 a.m.โ€ข14 views

PT-2026-42086

The Xpro Addons โ€” 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get content editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
โ€ขadded 2026/04/21 3:32 p.m.โ€ข5 views

EUVD-2026-24135

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS6.8AI score0.00572EPSS
Exploits0References3
Rows per page
Query Builder