Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 3:27 p.m.11 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/10/31 12:0 a.m.8 views

WordPress AtomChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software AtomChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10232 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 646d1a105951 Credits Peter Thaleikis Required...

6.4CVSS5.8AI score0.00318EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/07/01 12:0 a.m.17 views

WordPress CRM Perks Forms Plugin <= 1.1.5 is vulnerable to Broken Access Control

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37463 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 16266b67c664 Credits Manab Jyoti Dowarah Required...

9.8CVSS6.3AI score0.00444EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.11 views

WordPress AffiEasy Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software AffiEasy Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32435 Patch priority Low CVSS severity Low 4.3 Developer AffiEasy PSID 0bbb7a2d55c1 Credits Dhabaleshwar Das Required privile...

4.3CVSS6.6AI score0.00216EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/06 12:0 a.m.9 views

WordPress HT Portfolio Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software HT Portfolio Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0497 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3421d1e706d1 Credits Lana Codes Required...

4.3CVSS6.6AI score0.00281EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder