Lucene search
K

5229 matches found

CVE
CVE
•added yesterday•5 views

CVE-2025-71382

MuPDF prior to 1.27.0-rc1 is affected by an uncontrolled recursion in the EPUB CSS rendering engine. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, enabling remote attackers to trigger a denial of service by...

7.1CVSS6AI score
Exploits0References4
Nuclei
Nuclei
•added yesterday•6 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS7.2AI score0.0074EPSS
Exploits0References3
Nuclei
Nuclei
•added yesterday•31 views

WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting

WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting...

6.1CVSS6.4AI score0.01205EPSS
Exploits1References5
NVD
NVD
•added 2 days ago•7 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00343EPSS
Exploits0References2
NVD
NVD
•added 2 days ago•6 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS0.00404EPSS
Exploits0References3
NVD
NVD
•added 2 days ago•6 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS0.00336EPSS
Exploits0References3
CVE
CVE
•added 2 days ago•12 views

CVE-2026-52725

Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a [removed] tag or namespaced script element when a user-controlled host/selector is suppli...

5.3CVSS6AI score0.00404EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
•added 2 days ago•3 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
•added 2 days ago•28 views

CVE-2026-50557 Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS0.00336EPSS
Exploits0References3
EUVD
EUVD
•added 2 days ago•5 views

EUVD-2026-38257

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References3
NVD
NVD
•added 2 days ago•5 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

8.8CVSS0.00313EPSS
Exploits0References5
EUVD
EUVD
•added 2 days ago•6 views

EUVD-2026-38227

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00313EPSS
Exploits0References5
Nuclei
Nuclei
•added 2 days ago•20 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS7.1AI score0.01594EPSS
Exploits1References4
AstraLinux
AstraLinux
•added 5 days ago•8 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set elements when delete set fails From the abort path, nftmapelemactivate needs to restore refcounters to their original state. Currently, it uses set-ops-walk to iterate over these set elements. The...

5.5CVSS6.1AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 5 days ago•10 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1CVSS5.5AI score
Exploits0References5
EUVD
EUVD
•added last week•8 views

EUVD-2026-37668

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References2
NVD
NVD
•added last week•6 views

CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS0.00291EPSS
Exploits0References1
NVD
NVD
•added last week•8 views

CVE-2026-27041

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS0.00319EPSS
Exploits0References1
CVE
CVE
•added last week•15 views

CVE-2026-27041

CVE-2026-27041 : Affected software is WordPress Unlimited Elements for Elementor – Premium, versions

9.9CVSS5.2AI score0.00319EPSS
Exploits0References1
Cvelist
Cvelist
•added last week•26 views

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS0.00319EPSS
Exploits0References1
Rows per page
Query Builder