Lucene search
K

16 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

6.8CVSS0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 8:29 p.m.12 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00223EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:16 p.m.12 views

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00238EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 3:21 p.m.13 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:21 p.m.17 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/28 3:20 p.m.53 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7CVSS5.9AI score0.00238EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/03/07 9:30 a.m.9 views

Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

7.2CVSS6.4AI score0.00654EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/02/19 2:58 p.m.26 views

CVE-2025-71243 SPIP Saisies Plugin < 5.11.1 Remote Code Execution

The 'Saisies pour formulaire' Saisies plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution RCE vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later...

9.8CVSS0.05126EPSS
Exploits5References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.5 views

CVE-2024-41943

I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will...

4.6CVSS7.1AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.6 views

I, Librarian 代码问题漏洞

I, Librarian is a library management program by Martin Kucej, a personal developer. A security vulnerability exists in I, Librarian version 5.11.1 and earlier, which stems from improper input validation in classes/security/validation.php and is vulnerable to server-side request forgery attacks...

9.8CVSS6.5AI score0.18174EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

Nagios XI Cross-Site Scripting Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI 5.11.1 and earlier versions, which originates fro...

5.4CVSS5.8AI score0.01984EPSS
Exploits0References4
OSV
OSV
added 2023/07/10 4:15 p.m.5 views

CVE-2023-30447

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436...

7.5CVSS7.4AI score0.01115EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/24 11:15 a.m.8 views

CVE-2022-0145

Cross-site Scripting XSS - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...

6.8CVSS6.3AI score0.00671EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.5 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Business Directory version...

8.8CVSS7.8AI score0.00672EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.4 views

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A remote code execution vulnerability exists in WordPress Business Directory Plugin versions prior t...

7.2CVSS6.8AI score0.01583EPSS
Exploits2References2
Rows per page
Query Builder