Lucene search
K

5158 matches found

Nuclei
Nuclei
added yesterday80 views

Thinfinity Iframe Injection

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...

9.8CVSS6.7AI score0.39973EPSS
Exploits7References5
NVD
NVD
added 4 days ago6 views

CVE-2026-56354

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.4CVSS0.00186EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-56354

CVE-2026-56354 affects n8n before 1.123.24, 2.10.4, and 2.12.0 (1.x and 2.x branches). The Form Node contains cross-site scripting and open redirect vulnerabilities caused by unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creat...

5.4CVSS6.1AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56354 n8n - Cross-Site Scripting and Open Redirect in Form Node

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.1CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-55596 Plate: Media embed provider metadata can bypass URL sanitization and execute iframe JavaScript

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
CVE
CVE
added 6 days ago7 views

CVE-2026-55596

Plate is a rich-text editor (with AI and shadcn/ui). Affects versions 53.0.0 through 53.1.4 where the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted Plate document to set a known video provi...

8.7CVSS6AI score0.00241EPSS
Exploits0References4
NVD
NVD
added 6 days ago10 views

CVE-2026-6742

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42219

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-6742

The data shows CVE-2026-6742 affects the WordPress Advanced iFrame plugin: all versions up to 2026.1 are vulnerable to Stored Cross-Site Scripting via the Gutenberg Block 'additional' attribute due to insufficient input sanitization and output escaping. This allows authenticated users with contri...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56579

Name of the Vulnerable Software and Affected Versions Plate versions 53.0.0 through 53.1.3 Description The media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted document to specify a known video...

8.7CVSS6.1AI score0.00241EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS0.00255EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References4Affected Software1
CVE
CVE
added last week10 views

CVE-2026-58266

The CVE-2026-58266 issue affects Anki prior to 25.09.4, where webview pages expose the internal localhost API to user scripts loaded in iframes. This allows a malicious imported card package with an embedded iframe to call exposed API methods (e.g., getImageForOcclusion) and read files accessible...

6.5CVSS6AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added last week23 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS0.00169EPSS
Exploits0References3
OSV
OSV
added last week5 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References5
Debian CVE
Debian CVE
added last week3 views

CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0
OSV
OSV
added last week6 views

CVE-2026-55408 Koodo Reader: Remote code execution via malicious epub file

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can cra...

8.4CVSS6.8AI score0.00188EPSS
Exploits0References3
Rows per page
Query Builder