347 matches found
EUVD-2026-39777
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...
CVE-2026-57527
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...
CVE-2026-57527
CVE-2026-57527 affects the Zed Attack Proxy (ZAP) ViewState add-on prior to version 4. The vulnerability arises in the JSFViewState.decode() path, which base64-decodes the javax.faces.ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowl...
CVE-2026-8038
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8038
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8038
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8038
The CVE concerns the WordPress plugin Faces of Users, vulnerable to Stored Cross-Site Scripting via the default shortcode attribute in the facesofusers shortcode, affecting all versions up to 0.0.3. Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticat...
CVE-2026-8038 Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
EUVD-2026-31043
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8038 Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
WordPress plugin Faces of Users 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-42075
Name of the Vulnerable Software and Affected Versions Faces of Users versions prior to 0.0.4 Description The Faces of Users plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the default attribute of the...
WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...
EUVD-2026-28794
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
JLSEC-2026-192
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be...
Oracle Application Development Framework 安全漏洞
The Oracle Application Development Framework is an enterprise-level application development framework developed by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Application Development Framework contain security vulnerabilities. These vulnerabilities...
co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)
org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies
Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +15 more potentially affected by CVE-2025-64087 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker (>=0.9.5 <=2.1.0)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.template.freemarker MAVEN version =0.9.5, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =1.0.4, =1.0.2, =1.0.1, =1.3.0, =1.3.0, =0.9.5, =1.0.6-1, =2.0.0-M3, =1.16.0, =1.16.2 and more Source cves: CVE-2025-64087 Source advisory:...
br.com.jarch:jarch-apt (>=20.3.0 <=24.1.0), br.com.jarch:jarch-core (>=20.3.0 <=24.1.0) +50 more potentially affected by CVE-2025-65482 via fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (>=0.9.2 <=2.0.3)
fr.opensagres.xdocreport:fr.opensagres.xdocreport.document MAVEN version =0.9.2, =20.3.0, =20.3.0, =2.23.5, =24.2.0, =23.1.0, =2.23.0, =2.0, =2.0, =2.0, =2.2.4, =2.0, =2.2.4, =2.2.4, =2.2.4, =2.2.7 and more Source cves: CVE-2025-65482 Source advisory: OSV:GHSA-7JC7-G598-2P64...