Lucene search
K

15416 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41244

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...

4.3CVSS5.7AI score0.00223EPSS
Exploits0References8
Snyk
Snyk
added 5 days ago1 views

Cross-site Scripting (XSS)

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamic image URL generator view within the admin interface. An attacker with a limited-permission editor account can execute arbitrary...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-54263

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-55886

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-54263

Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,

7.3CVSS5.5AI score0.00203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/...

7.2CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54756 Jodit Editor: Prototype pollution via Jodit.configure() / ConfigMerge

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-54756

The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-55886

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-55886 Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 5 days ago17 views

CVE-2026-55886

CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References1
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-55595

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26...

4.7CVSS5.8AI score0.0009EPSS
Exploits0
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40497

Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-54911

Name of the Vulnerable Software and Affected Versions Jodit Editor versions prior to 4.12.28 Description The built-in clean-html sanitizer can be bypassed using a MathML/ carrier. This technique hides dangerous elements from the sanitizer's element walk, allowing no-interaction event handlers to...

7.2CVSS5.9AI score0.00179EPSS
Exploits0References4
NVD
NVD
added 6 days ago4 views

CVE-2026-13811

Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00351EPSS
Exploits0References2
Rows per page
Query Builder