Lucene search
K

166 matches found

CVE
CVE
added 2026/02/19 7:15 p.m.16 views

CVE-2026-26193

Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...

7.3CVSS5.5AI score0.00198EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20918

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...

7.3CVSS4.8AI score0.00198EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.4 views

CVE-2023-4799

The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00426EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.4 views

CVE-2025-14144

The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the msyoutubeembeds shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 9:47 p.m.4 views

GHSA-MCMC-2M55-J8JJ vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.7AI score0.00831EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/08 9:47 p.m.172 views

vLLM introduced enhanced protection for CVE-2025-62164

Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...

8.8CVSS6.8AI score0.00831EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin Mstoic Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...

6.4CVSS5.8AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1631

Name of the Vulnerable Software and Affected Versions Mstoic Shortcodes plugin for WordPress versions prior to 2.1 Description The Mstoic Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the start parameter of the ms youtube embeds shortcode due t...

6.4CVSS6AI score0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-15871

Malware in sbrugna...

5.4CVSS5.8AI score0.02094EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-5672

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00363EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3271

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-17143

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8611

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46135

Malicious code in bioql PyPI...

10CVSS8.6AI score0.00527EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-25237

Malicious code in bioql PyPI...

9.6CVSS6.5AI score0.00634EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-28033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. CVE-2020-28033 Note that Nessus...

7.5CVSS7.4AI score0.02622EPSS
Exploits0References2
OSV
OSV
added 2025/07/25 1:17 p.m.5 views

OESA-2025-1912 thunderbird security update

Security Fixes: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.CVE-2025-6424 An attacker who enumerated resources from the WebCompat extension coul...

9.8CVSS6.2AI score0.03057EPSS
Exploits0References5
OSV
OSV
added 2025/06/27 6:15 a.m.6 views

CVE-2025-5194

The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00204EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.8 views

CVE-2025-49429

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through = 0.1.1...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.17 views

CVE-2025-49429

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through = 0.1.1...

6.5CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder