
10268 matches found

EUVD
added 2026/01/15 3:52 p.m. | 6 views

EUVD-2026-2767

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

CVSS 7.2 | AI score 5.8 | EPSS 0.00252
Exploits: 1 | References: 5
CVE
added 2026/01/15 3:52 p.m. | 13 views

CVE-2021-47764

AbsoluteTelnet 11.24 is affected by a denial-of-service vulnerability triggered by crafting a 1000-character payload and injecting it into the DialUp connection and license name fields. The vulnerability description across sources specifies that local attackers can crash the application, causing ...

CVSS 6.7 | AI score 6 | EPSS 0.00174
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/15 7:23 a.m. | 11 views

CVE-2026-0813

The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 4.4 | AI score 5 | EPSS 0.002
Exploits: 0 | References: 1
NVD
added 2026/01/15 6:16 a.m. | 6 views

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | EPSS 0.00187
Exploits: 0 | References: 2
OSV
added 2026/01/15 6:16 a.m. | 2 views

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | References: 2
EUVD
added 2026/01/15 5:24 a.m. | 4 views

EUVD-2026-2829

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 4.7 | EPSS 0.00187
Exploits: 0 | References: 3
Cvelist
added 2026/01/15 5:24 a.m. | 22 views

CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | EPSS 0.00187
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/15 5:24 a.m. | 2 views

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/15 5:24 a.m. | 4 views

CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 4.8 | EPSS 0.00187
Exploits: 0 | References: 2
CVE
added 2026/01/15 5:24 a.m. | 19 views

CVE-2025-14448

Summary: CVE-2025-14448 affects the WordPress WP-Members Membership Plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the Multiple Checkbox and Multiple Select user profile fields. The issue arises from insufficient input sanitization and output escaping in all versions up ...

CVSS 5.4 | AI score 4.8 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/15 3:18 a.m. | 5 views

CVE-2025-71101

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing. The hp_populate_*_elements_from_package functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...

AI score 6.1 | EPSS 0.00117
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/15 12:00 a.m. | 8 views

PT-2026-2982

Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to and including 3.5.4.3. Description: The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Multiple Checkbox and Multiple Select user profile fields...

CVSS 5.4 | AI score 5.6 | EPSS 0.00187
Exploits: 0 | References: 6
CNNVD
added 2026/01/15 12:00 a.m. | 4 views

Bdtask Isshue Shopping Cart security vulnerability

Bdtask Isshue Shopping Cart is an e-commerce shopping cart software system developed by the Bangladeshi company Bdtask. Version 3.5 of Bdtask Isshue Shopping Cart contains a security vulnerability. This vulnerability stems from persistent cross-site scripting in the title input fields of the...

CVSS 5.1 | AI score 5.6 | EPSS 0.00252
Exploits: 1 | References: 3
CNNVD
added 2026/01/15 12:00 a.m. | 4 views

Celestial AbsoluteTelnet Buffer Error Vulnerability

Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.24 of Celestial AbsoluteTelnet contains a buffer error vulnerability. This vulnerability stems from manipulating the DialUp connection and license name fields, which could all...

CVSS 6.7 | AI score 6 | EPSS 0.00174
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/15 12:00 a.m. | 4 views

PT-2026-3046

RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...

CVSS 6.8 | AI score 6.5 | EPSS 0.00224
Exploits: 1 | References: 4
Tenable Nessus
added 2026/01/15 12:00 a.m. | 4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002018 advisory. The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an...

CVSS 7.8 | AI score 6.1 | EPSS 0.06988
Exploits: 0 | References: 15
RedhatCVE
added 2026/01/14 11:19 p.m. | 13 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

CVSS 6.1 | AI score 6.5 | EPSS 0.00262
Exploits: 1 | References: 1
Snyk
added 2026/01/14 9:15 p.m. | 3 views

SQL Injection

Overview: pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection via the fields parameter in the admin search API endpoint. An attacker can access sensitive database information and potentially compromise th...

CVSS 8.8 | AI score 7.4 | EPSS 0.00724
Exploits: 1 | References: 2
NVD
added 2026/01/14 7:16 p.m. | 8 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

CVSS 7.7 | EPSS 0.00306
Exploits: 1 | References: 1
OSV
added 2026/01/14 3:05 p.m. | 2 views

CVE-2025-71113 crypto: af_alg - zero initialize memory allocated via sock_kmalloc

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc. Several crypto user API contexts and requests allocated with sock_kmalloc were left uninitialized, relying on callers to set fields explicitly. This resulted in the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00123
Exploits: 0 | References: 10