Lucene search
K

1256 matches found

CVE
CVE
added 2026/05/19 11:1 a.m.22 views

CVE-2026-7860

CVE-2026-7860 describes an information-disclosure risk in Vaadin build tools: Vaadin Maven/Gradle plugins can print the full set of environment variables to build logs when a frontend build fails (non-zero exit). This can expose credentials/secrets in CI logs and artifacts. Affected ranges and fi...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 11:1 a.m.13 views

CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS5.8AI score0.00117EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.18 views

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

8.1CVSS7.2AI score0.00817EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.15 views

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

8.1CVSS7.2AI score0.00817EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.24 views

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

8.1CVSS7.2AI score0.00817EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.13 views

Apple Security Advisory 05-11-2026-4

Apple Security Advisory 05-11-2026-4 - iOS 16.7.16 and iPadOS 16.7.16 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.23 views

Apple Security Advisory 05-11-2026-5

Apple Security Advisory 05-11-2026-5 - iOS 15.8.8 and iPadOS 15.8.8 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.10 views

Apple Security Advisory 05-11-2026-3

Apple Security Advisory 05-11-2026-3 - iPadOS 17.7.11 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
CVE
CVE
added 2026/05/14 1:52 p.m.25 views

CVE-2026-21730

CVE-2026-21730 affects Verba. A stored XSS exists in the login logging path: when an unauthenticated attacker logs in with an incorrect username, the username is recorded without sanitization and can execute in the admin’s browser via the log viewer. Impact aligned to CVSS v4.0 metrics (base scor...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 1:52 p.m.7 views

CVE-2026-21730 Stored XSS in Verba

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 1:52 p.m.29 views

EUVD-2026-30284

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 6:16 a.m.9 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 5:30 a.m.37 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 5:30 a.m.8 views

EUVD-2026-30236

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 5:30 a.m.14 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress has a Reflected Cross-Site Scripting vulnerability (CVE-2026-6417) in the failed_orders parameter across all versions up to 1.4.0, caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject scripts in p...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 5:30 a.m.8 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:30 a.m.8 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-40874

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin GLS Shipping for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.15 views

Verint Verba 跨站脚本漏洞

Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder