
4 matches found

Cvelist
added 2026/04/08 9:25 a.m. · 19 views

CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting

The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...

CVSS 6.4 · EPSS 0.00429
Exploits 0 · References 14
OSV
added 2026/01/10 2:57 a.m. · 8 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1 · AI score 6.6 · EPSS 0.00265
Exploits 0 · References 5
Positive Technologies
added 2024/11/19 12:0 a.m. · 4 views

PT-2024-34191 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: Bold Page Builder versions through 5.1.3 Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This could potentially lead to site compromise...

CVSS 8.8 · AI score 6.6 · EPSS 0.01918
Exploits 0 · References 5
CNVD
added 2019/01/25 12:0 a.m. · 1 views

Out-of-bounds read vulnerability in multiple Apple products (CNVD-2019-02759)

Apple iOS is an operating system developed for mobile devices; watchOS is a smartwatch operating system. An out-of-bounds read vulnerability exists in the Core Media component in Apple iOS before 12.1.3, watchOS before 5.1.3, and macOS. An attacker can exploit the vulnerability to elevate...

CVSS 7.8 · AI score 6.3 · EPSS 0.00938
Exploits 0 · References 1