Lucene search
K

25 matches found

NVD
NVD
added 2026/05/21 5:16 a.m.32 views

CVE-2026-1543

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 4:28 a.m.11 views

CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS6AI score0.00337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:23 p.m.5 views

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

9.1CVSS7.6AI score0.02211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 2:38 a.m.5 views

CVE-2025-62982

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.9CVSS6AI score0.00163EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/27 3:30 a.m.6 views

EUVD-2025-35963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.4CVSS5.5AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 2:15 a.m.6 views

CVE-2025-62982

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.9CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 1:34 a.m.12 views

CVE-2025-62982

CVE-2025-62982 : WordPress plugin Dynamic User Directory (&lt;= v2.3) contains a stored XSS flaw due to improper input neutralization during page generation. Wordfence corroborates the CVE and notes the issue affects Dynamic User Directory

5.9CVSS5.6AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 1:34 a.m.10 views

CVE-2025-62982 WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.9CVSS0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 1:34 a.m.3 views

CVE-2025-62982 WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.9CVSS5.6AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.4 views

PT-2025-43854

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through = 2.3...

5.4CVSS6AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

WordPress plugin Dynamic User Directory 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/21 2:15 p.m.5 views

WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jin Yub in WordPress Plugin Dynamic User Directory versions = 2.3...

5.4CVSS6.1AI score0.00163EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6742

Malware in sbrugna...

9.1CVSS9.3AI score0.02211EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/06/29 10:25 p.m.350 views

Exploit for SQL Injection in Mayurik Best_Salon_Management_System

CVE-2025-6860 Exploit Tool A proof‑of‑concept command‑line to...

8.8CVSS7.1AI score0.00361EPSS
Exploits2
OSV
OSV
added 2024/04/17 10:15 a.m.1 views

UBUNTU-CVE-2024-26822

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-3843

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially...

4.5CVSS6.7AI score0.00912EPSS
Exploits0References28
OSV
OSV
added 2022/05/13 1:36 a.m.2 views

GHSA-9V72-P5P3-9W65 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin

jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in ra...

3.7CVSS5.9AI score0.01633EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2021/06/15 2:47 p.m.30 views

Insider Risks In the Work-From-Home World

The employee who exfiltrated data after being fired. The employees who exposed 250 million customer records. The employee who stole trade secrets to get a leg up in his next job because hey, after all, it’s “his” work that he’s taking, right? Those are our traditional notions of insider risk and...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/28 3:46 p.m.12 views

systemd: services with DynamicUser can create SUID/SGID binaries

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially...

7.8CVSS5.8AI score0.00912EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:46 p.m.7 views

systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to...

7.8CVSS5.9AI score0.00888EPSS
Exploits2References4
Rows per page
Query Builder