Lucene search
K

538 matches found

CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/17 2:32 p.m.24 views

CVE-2025-13406 Scanning for higher HART revision device leads into NULL pointer dereference in live list

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

6.8CVSS0.00315EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.11 views

Microsoft Azure Arc 授权问题漏洞

Microsoft Azure Arc is a storage system provided by the American company Microsoft. It allows for the extension of the Azure platform into your environment. There are authorization-related vulnerabilities in Microsoft Azure Arc. Attackers can exploit these vulnerabilities to gain higher levels of...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.5 views

PQC-LEO: An Evaluation Framework for Post-Quantum Cryptographic Algorithms

Advances in quantum computing threaten digital communication security by undermining the foundations of current public-key cryptography through Shor's quantum algorithm. This has driven the development of Post-Quantum Cryptography PQC, a new set of algorithms resistant to quantum attacks. While...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/02 1:50 a.m.6 views

CVE-2026-28426

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileg...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/01 1:31 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the svg and icon related components. An authenticated user can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts that are triggered when those users view t...

8.7CVSS5.9AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 1:31 a.m.5 views

GHSA-5VRJ-WF7V-5WR7 Statamic vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 5.73.11 and 6.4.0...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.14 views

CVE-2025-14040

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

6.4CVSS6.1AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/02/27 11:16 p.m.13 views

CVE-2026-28426

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileg...

8.7CVSS0.00259EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

WordPress plugin The Events Calendar 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.4CVSS5.8AI score0.00227EPSS
Exploits0References6
OSV
OSV
added 2026/02/24 2:42 a.m.7 views

CVE-2026-27128 Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/22 7:24 a.m.5 views

CVE-2026-27196

Statmatic is a Laravel and Git powered content management system CMS. Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

8.1CVSS5.5AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2026/02/21 5:17 a.m.9 views

CVE-2026-27196

Statmatic is a Laravel and Git powered content management system CMS. Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

8.1CVSS0.0028EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/21 4:30 a.m.5 views

CVE-2026-27196

Statmatic is a Laravel and Git powered content management system CMS. Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

8.1CVSS5.5AI score0.0028EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/19 8:30 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the configFieldItems function. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts as an authenticated user with field management permissions...

8.1CVSS5.6AI score0.0028EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 8:30 p.m.9 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...

8.1CVSS5.4AI score0.0028EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20984

Name of the Vulnerable Software and Affected Versions Statamic versions 5.73.8 and below, and 6.0.0-alpha.1 through 6.3.1 Description Statamic, a Laravel and Git powered content management system CMS, is affected by a Stored Cross-Site Scripting XSS issue in the html fieldtypes. This flaw allows...

8.1CVSS5.5AI score0.0028EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Toret Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.8CVSS6AI score0.00292EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/16 12:0 a.m.5 views

A Scan-Based Analysis of Internet-Exposed IoT Devices Using Shodan Data

An open measurement problem in IoT security is whether scan-observable network configurations encode population-level exposure risk beyond individual devices. An analysis of internet-exposed IoT endpoints using a controlled multi-country sample from Shodan Search and Shodan InternetDB, selecting...

5.6AI score
Exploits0
NVD
NVD
added 2026/02/11 9:16 p.m.6 views

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS0.00293EPSS
Exploits0References3
Rows per page
Query Builder