Lucene search
K

5125 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.28 views

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

6.5CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.3 views

CVE-2026-25453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 8:27 a.m.9 views

CVE-2026-25412

The CVE-2026-25412 entry concerns the WordPress Advanced iFrame plugin (

5.4AI score0.00028EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25412

...

5.2AI score0.00028EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.27 views

CVE-2026-25412

...

0.00028EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25412

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.1AI score0.00028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20843

SPIP before 4.4.8 allows Cross-Site Scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

5.4CVSS5.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20918

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...

7.3CVSS4.8AI score0.00198EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

SPIP 安全漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper sandboxing or escaping of iframe content in private areas, which could lead to cross-site scripting...

6.1CVSS5.6AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.4 views

PT-2026-20737

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a through = 2025.10...

5.5AI score0.00028EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20917

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.7.0 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Modifying chat history before version 0.7.0 allows manipulation of the html property within...

7.3CVSS4.8AI score0.00194EPSS
Exploits1References19
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Advanced iFrame 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-26223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

WordPress plugin Popup Box – Easily Create WordPress Popups 操作系统命令注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/02/13 1:27 p.m.7 views

How to find and remove credential-stealing Chrome extensions

Researchers have found yet another family of malicious extensions in the Chrome Web Store. This time, 30 different Chrome extensions were found stealing credentials from more than 260,000 users. The extensions rendered a full-screen iframe pointing to a remote domain. This iframe overlaid the...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/07 6:52 p.m.211 views

Payload-XSS

Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.118 views

📄 Gibbon 14.0.01 Frame Injection

Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/29 3:19 p.m.14 views

CVE-2025-14616

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1
Rows per page
Query Builder