Lucene search
K

1177957 matches found

RedhatCVE
RedhatCVE
added 6 hours ago4 views

CVE-2026-9719

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...

4.3CVSS5.5AI score0.00014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 hours ago5 views

CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 hours ago6 views

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.3AI score0.00015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 hours ago6 views

CVE-2026-8893

The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the stripe-express shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value,...

6.4CVSS5.7AI score0.0003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 hours ago5 views

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.6AI score0.00047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00029EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00043EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00036EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00029EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

8.7CVSS5.5AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-45327

TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a ?password= query parameter, comparing the supplied...

8.2CVSS5.5AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-48925

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...

4.3CVSS5.4AI score0.00017EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score
Exploits0References5
CVE
CVE
added yesterday11 views

CVE-2026-11436

Mage AI up to version 0.9.79 is affected in the Sign-in Flow. The vulnerability is in the useMutation function within mage_ai/frontend/components/Sessions/SignForm/index.tsx, where manipulating the query.redirect_url argument triggers cross site scripting. Remote exploitation is possible, and the...

5.3CVSS4.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday11 views

CVE-2026-11436 Mage AI Sign-in Flow index.tsx useMutation cross site scripting

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-34971

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS
Exploits0References5
Debian
Debian
added yesterday5 views

[SECURITY] [DSA 6324-1] request-tracker5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6324-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq -...

8.8CVSS5.5AI score0.0007EPSS
Exploits0
Rows per page
Query Builder