Lucene search
+L

36 matches found

nvd
nvd
added 3 days ago3 views

CVE-2026-57391

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00168EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago25 views

CVE-2026-57391 WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00168EPSS
Exploits0References1
patchstack
patchstack
added 2026/07/08 9:2 a.m.4 views

WordPress Loops & Logic plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Loops & Logic versions = 4.2.3...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References2
euvd
euvd
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39365

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/10 9:22 a.m.10 views

WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget versions = 4.2.3...

7.4CVSS5.3AI score0.00214EPSS
Exploits0Affected Software1
osv
osv
added 2026/05/12 8:35 a.m.3 views

CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/11 1:24 a.m.34 views

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

6.1CVSS0.00495EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/04/11 12:0 a.m.18 views

PT-2026-32092

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get current url function, which are inserted into...

6.1CVSS6AI score0.00495EPSS
Exploits0References10
alpinelinux
alpinelinux
added 2026/03/26 5:10 p.m.37 views

CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS6.2AI score0.00408EPSS
Exploits0References4
nessus
nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001887 advisory. The slhcinit function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...

4.9CVSS6.2AI score0.00646EPSS
Exploits1References25
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2011-0431

Malware in sbrugna...

6.8CVSS6.3AI score0.06055EPSS
Exploits2References9
attackerkb
attackerkb
added 2025/03/06 2:15 p.m.8 views

CVE-2025-0877

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting XSS. This issue affects Reservation Management System: before 4.2.3...

4.7CVSS5.4AI score0.00276EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/01/07 12:0 a.m.6 views

pgAgent 安全漏洞

pgAgent is an open source job scheduler for PostgreSQL from the pgAdmin Project. A security vulnerability exists in pgAgent versions prior to 4.2.3 that stems from insufficient initialization of the random number generator used to generate directory names, which allows a local attacker to...

7.1CVSS5.2AI score0.00171EPSS
Exploits0References2
osv
osv
added 2025/01/02 3:15 p.m.4 views

CVE-2022-45830

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3...

9.8CVSS5.8AI score0.00378EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/12/02 12:0 a.m.6 views

WordPress plugin Jobify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS7.6AI score0.0027EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/06/19 12:0 a.m.8 views

PT-2024-12565 · Thimpress · Thimpress Learnpress

Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions 4.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in ThimPress LearnPress. Recommendations: For ThimPress LearnPress versions 4.2.3 and earlier, update to a version late...

9.8CVSS9.3AI score0.00441EPSS
Exploits0References5
githubexploit
githubexploit
added 2024/03/10 4:20 p.m.75 views

Exploit for Cross-site Scripting in Sygnoos Popup_Builder

CVE-2023-6000 PoC How does this detection method work?...

6.1CVSS6.9AI score0.01999EPSS
Exploits4
cnnvd
cnnvd
added 2023/12/15 12:0 a.m.7 views

TAIWAN-CA(TWCA) JCICSecurityTool Input Validation Error Vulnerability

TAIWAN-CATWCA JCICSecurityTool is an application from Taiwan Web Certification TWCA. An input validation error vulnerability exists in TAIWAN-CATWCA JCICSecurityTool version v4.2.3.32, which stems from insufficient filtering of special characters in registry-related functions, and can be exploite...

8.8CVSS6.2AI score0.0103EPSS
Exploits0References2
jvn
jvn
added 2023/11/07 4:47 a.m.6 views

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...

7.2CVSS7.6AI score0.01582EPSS
Exploits1References5
Rows per page
Query Builder