Lucene search
K

1498 matches found

NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

6.1CVSS0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47259

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

8CVSS5.2AI score0.00302EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS5.6AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6256

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.14 views

CVE-2026-6701

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-31953

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

6.4CVSS5.6AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

9.1CVSS5.6AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-46363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:16 p.m.9 views

UBUNTU-CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Amazon Web Services Kiro CLI 安全漏洞

Amazon Web Services Kiro CLI is a command-line intelligent programming tool provided by Amazon, which supports AI agents, MCP integration, and terminal automation. Versions of the Amazon Web Services Kiro CLI prior to 1.28.0 contained security vulnerabilities. These vulnerabilities stemmed from...

8.4CVSS6AI score0.00119EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/21 12:0 a.m.14 views

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Trend Micro Apex One on-premise contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations...

6.7CVSS5.9AI score0.12682EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEV
added 2026/05/21 12:0 a.m.21 views

VulnCheck KEV: CVE-2026-34926

A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...

6.7CVSS5.9AI score0.12682EPSS
In wildExploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine. This flaw occurs in all versions of Ansible Engine from 2.7.x, 2.8.x, and 2.9.x, up to 2.7.17, 2.8.9, and 2.9.6. The issue arises when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled. After a clean operation,...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 1:25 a.m.15 views

EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.9 views

CVE-2026-8420

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42078

Name of the Vulnerable Software and Affected Versions BLOGCHAT Chat System versions prior to 1.3.6.4 Description The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs due to missing or incorrect nonce validation—a security token used to ensure...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/05/19 5:0 p.m.13 views

CVE-2026-8602 Missing authentication for critical function in ScadaBR

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 5:0 p.m.12 views

EUVD-2026-30960

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References1
Rows per page
Query Builder