Lucene search
K

155 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 9:31 a.m.7 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:50 p.m.5 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:48 p.m.21 views

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

6.8CVSS0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 8:29 p.m.15 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00264EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26379

Koha versions up to 25.11 contain a Server-Side Request Forgery SSRF vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times...

5.8AI score0.00243EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 4:16 p.m.25 views

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:21 p.m.17 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 3:21 p.m.14 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 3:20 p.m.54 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/28 5:0 a.m.35 views

CVE-2026-9673

CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...

7CVSS5.9AI score0.00166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References13
OSV
OSV
added 2026/05/15 9:12 p.m.5 views

CVE-2026-45347 Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

4.3CVSS6.1AI score0.00186EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: qt5-qtbase (UTSA-2026-017636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017636 advisory. An out-of-bounds memory access in the generateDirectionalRuns function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a...

4.3CVSS6.4AI score0.0205EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/23 8:28 p.m.11 views

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33076

Name of the Vulnerable Software and Affected Versions Userpro versions prior to 5.1.11 Description A Cross-Site Request Forgery CSRF flaw in DeluxeThemes Userpro allows an attacker to induce a user to perform actions they did not intend to. CSRF is a technique where a malicious site tricks a user...

4.3CVSS5.1AI score0.00098EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.6 views

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20309

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.9AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.26 views

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder