Lucene search
K

399 matches found

NVD
NVD
added yesterday6 views

CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00247EPSS
Exploits0References8
EUVD
EUVD
added yesterday6 views

EUVD-2026-40902

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References8
CVE
CVE
added yesterday8 views

CVE-2026-7517

The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday31 views

CVE-2026-7517 Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00247EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.4AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS5.7AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:22 p.m.11 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.00353EPSS
Exploits4References8
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.7 views

CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

6.9CVSS6AI score0.0017EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/25 2:15 p.m.12 views

EUVD-2018-21890

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

6.9CVSS6AI score0.0017EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.7 views

CVE-2018-25369

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

6.9CVSS6AI score0.0017EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Visual Ping 安全漏洞

Visual Ping is a website change monitoring tool from Visual Ping. A security vulnerability exists in Visual Ping version 0.8.0.0, which stems from a buffer overflow in input field handling that could cause a local attacker to crash the application by supplying oversized data...

6.9CVSS6.1AI score0.0017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.11 views

PT-2026-43221

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

6.9CVSS6AI score0.0017EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.14 views

CVE-2018-25355 Audiograbber 1.83 Local Buffer Overflow via SEH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers a...

8.6CVSS0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:9 p.m.8 views

EUVD-2026-31294

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics213.php file, allowing uncleane...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 5:16 p.m.16 views

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:10 p.m.7 views

EUVD-2025-209850

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:10 p.m.9 views

CVE-2025-62309

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 4:10 p.m.8 views

CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-40952

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References2
Rows per page
Query Builder