Lucene search
K

985 matches found

NVD
NVD
added 2026/05/05 3:15 a.m.10 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS0.00274EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 2:26 a.m.9 views

CVE-2026-5247

The CVE concerns the WordPress plugin Schedule Post Changes With PublishPress Future (WordPress). All versions up to 4.10.0 are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the [futureaction] shortcode’s wrapper attribute. The root cause is insufficient input sanitization: esc...

5.5CVSS6AI score0.00274EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.4 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS6AI score0.00274EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.29 views

CVE-2026-5247 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode Attribute

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS0.00274EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/04 2:2 p.m.6 views

WordPress Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Post Expirator versions = 4.10.0...

5.5CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
RustSec
RustSec
added 2026/05/02 12:0 p.m.12 views

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-36035

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.0 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Insufficient input validation allows an unauthenticated user to cause a denial of service by sending...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:43 p.m.3 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/04/22 5:0 p.m.10 views

AI-powered defense for an AI-accelerated threat landscape

We are at an inflection point in cybersecurity. Recent advances in AI model capabilities are changing how vulnerabilities are discovered and exploited. AI models can autonomously discover weaknesses, chain multiple lower-severity issues into working end-to-end exploits, and produce working...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/20 4:0 p.m.10 views

Making opportunistic cyberattacks harder by design

This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs , in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...

6.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/20 4:0 p.m.9 views

Making opportunistic cyberattacks harder by design

This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs , in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.5 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.7 views

CVE-2026-40093

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

8.1CVSS5.8AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 7:55 p.m.4 views

GHSA-49XC-52MP-CC9J nimiq-blockchain is missing a wall-clock upper bound on block timestamps

Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...

9.1CVSS5.8AI score0.00314EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 7:55 p.m.6 views

EUVD-2026-21146

nimiq-blockchain is missing a wall-clock upper bound on block timestamps...

8.1CVSS5.8AI score0.00314EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 9:16 p.m.5 views

CVE-2026-40093

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

8.1CVSS0.00314EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:29 p.m.4 views

CVE-2026-40093

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

8.1CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 8:29 p.m.25 views

CVE-2026-40093 nimiq-blockchain is missing a wall-clock upper bound on block timestamps

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

8.1CVSS0.00314EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 8:29 p.m.3 views

CVE-2026-40093 nimiq-blockchain is missing a wall-clock upper bound on block timestamps

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

8.1CVSS5.8AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 8:29 p.m.9 views

CVE-2026-40093

The CVE describes a wall-clock upper bound omission in Nimiq’s block timestamp validation for the nimiq-blockchain Rust implementation (1.3.0 and earlier). Specifically, non-skip blocks enforce timestamp &gt;= parent.timestamp and skip blocks enforce timestamp == parent.timestamp + MIN_PRODUCER_T...

8.1CVSS5.9AI score0.00314EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder