Lucene search
K

818 matches found

OSV
OSV
added 2026/04/01 9:10 a.m.2 views

CLEANSTART-2026-YO19768 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 3.6.0-r0

Multiple security vulnerabilities affect the fluent-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/30 1:38 p.m.6 views

WordPress Fluent Booking plugin <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Fluent Booking versions = 2.0.01...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.3 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.14 views

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flbmalloc return value is not validated by flbavro.c or httpserver/api/v1/metrics.c...

7.5CVSS6.9AI score0.01987EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 3:30 p.m.6 views

EUVD-2026-16172

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
NVD
NVD
added 2026/03/26 2:16 p.m.2 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS0.00302EPSS
Exploits0References7
CVE
CVE
added 2026/03/26 1:26 p.m.6 views

CVE-2026-2231

The CVE-2026-2231 entry concerns the Fluent Booking plugin for WordPress. Affected component: the plugin’s stored XSS via multiple parameters in all versions up to 2.0.01, caused by insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject arbitrary web scr...

7.2CVSS6AI score0.00302EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/26 1:26 p.m.23 views

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS0.00302EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/26 1:26 p.m.2 views

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:26 p.m.2 views

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS6AI score0.00302EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28322

Name of the Vulnerable Software and Affected Versions Fluent Booking versions up to and including 2.0.01 Description The Fluent Booking plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters. Insufficient input sanitization and output escaping allow...

7.2CVSS6AI score0.00302EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

WordPress plugin Fluent Booking 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.7AI score0.00302EPSS
Exploits0References7
Redos
Redos
added 2026/03/19 12:0 a.m.5 views

ROS-20260319-73-0012

A vulnerability in the tagkey validation mechanism of the Fluent Bit log collection and processing tool is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity and availability of protected information...

5.4CVSS5.8AI score0.00341EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.6 views

ROS-20260319-73-0008

A vulnerability in the indocker plugin of the extractname function of the Fluent Bit log collection and processing tool is related to a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.8CVSS6.2AI score0.00788EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.5 views

ROS-20260319-73-0009

A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...

5.3CVSS5.9AI score0.00651EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.5 views

ROS-20260319-73-0011

A vulnerability in the inhttp, insplunk and inelasticsearch plugins of the Fluent Bit log collection and processing tool is related to incorrect input data type validation when processing the tagkey parameter. Exploitation of the vulnerability could allow an attacker acting remotely to disclose a...

9.1CVSS5.8AI score0.00632EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.8 views

ROS-20260319-73-0010

A vulnerability in the inforward plug-in of the Fluent Bit logging tool is related to a lack of authentication for a critical function . Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and gain access to the system...

6.5CVSS5.8AI score0.00555EPSS
Exploits0
OSV
OSV
added 2026/03/10 12:58 a.m.6 views

CLEANSTART-2026-AB04032 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00157EPSS
Exploits0References4
OSV
OSV
added 2026/03/07 12:39 a.m.3 views

CLEANSTART-2026-PP62083 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00157EPSS
Exploits0References4
OSV
OSV
added 2026/03/07 12:39 a.m.4 views

CLEANSTART-2026-GI57625 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Security vulnerability affects the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry...

9.8CVSS5.8AI score0.00157EPSS
Exploits0References3
Rows per page
Query Builder