Lucene search
K

6 matches found

NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-11975

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.3.5 Description Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/11/06 5:31 a.m.6 views

CVE-2025-12560 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

4.3CVSS0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/09/06 2:15 a.m.29 views

CVE-2025-7368

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3CVSS0.00255EPSS
Exploits0References2
CVE
CVE
added 2025/09/06 1:45 a.m.22 views

CVE-2025-7368

CVE-2025-7368 — REHub WordPress Theme: Unauthenticated information exposure in REHub up to version 19.9.7 due to insufficient restrictions in the ajax_action_re_getfullcontent path, allowing access to password-protected post data. Affected: REHub Theme for WordPress (versions ≤ 19.9.7). Root caus...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/06 1:45 a.m.5 views

CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder