Lucene search
K

24584 matches found

Cvelist
Cvelist
added 2026/07/01 3:43 a.m.37 views

CVE-2026-9107 Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-13246

The CVE concerns GiveWP – Donation Plugin and Fundraising Platform for WordPress (up to version 4.16.0). A Stored XSS exists in the givewp_campaign_comments shortcode (block_id and similar attributes) due to insufficient sanitization and escaping in CampaignCommentsShortcode::parseAttributes() an...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56415

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS0.03074EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 8:17 p.m.13 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

7.8CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-43722

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state...

5.5CVSS0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 7:42 p.m.7 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

6AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 7:42 p.m.27 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

0.00142EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 7:42 p.m.33 views

CVE-2026-43724

CVE-2026-43724 affects macOS Tahoe (kernel) and is described as an issue where an app may be able to cause unexpected system termination or write kernel memory. The fixed variant is addressed by improved input sanitization and is released in macOS Tahoe 26.5.2 (also reflected for iOS 26.5.2 and i...

7.8CVSS5.7AI score0.00142EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2026/06/29 7:42 p.m.24 views

CVE-2026-43722

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state...

0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 7:42 p.m.41 views

CVE-2026-43722

CVE-2026-43722 affects Apple OS components (kernel) on macOS Tahoe and related iOS/iPadOS versions. The issue could allow an app to leak sensitive kernel state via malicious content processed locally; attack vector is local with required user interaction and no privileges, and exploitation status...

5.5CVSS5.7AI score0.00147EPSS
Exploits0References2Affected Software3
RedhatCVE
RedhatCVE
added 2026/06/29 4:33 p.m.7 views

CVE-2026-50269

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF Carriage Return Line Feed injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-302 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Summary A command injection vulnerability is present in the function tool runsshcommandwithcredentials available to AI agents. Details This is the source code of the function tool runsshcommandwithcredentials code: python @functiontool def runsshcommandwithcredentials host: str, username: str,...

9.6CVSS6AI score0.01831EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 6:0 a.m.4 views

BIT-GITLAB-2026-10086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.1AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53719

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53718

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...

5.5CVSS6AI score0.00147EPSS
Exploits0References6
Apple
Apple
added 2026/06/29 12:0 a.m.8 views

About the security content of macOS Tahoe 26.5.2

About the security content of macOS Tahoe 26.5.2 This update delivers security fixes that were first made available in the macOS Tahoe 26.6 beta. This document describes the security content of macOS Tahoe 26.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose,...

9.1CVSS5.8AI score0.00371EPSS
Exploits2References1Affected Software1
Apple
Apple
added 2026/06/29 12:0 a.m.11 views

About the security content of iOS 26.5.2 and iPadOS 26.5.2

About the security content of iOS 26.5.2 and iPadOS 26.5.2 This update delivers security fixes that were first made available in the iOS 26.6 and iPadOS 26.6 betas. This document describes the security content of iOS 26.5.2 and iPadOS 26.5.2. About Apple security updates For our customers'...

9.1CVSS5.8AI score0.00371EPSS
Exploits2References1Affected Software2
CVE
CVE
added 2026/06/27 6:50 a.m.15 views

CVE-2026-12399

The Gutenverse WordPress plugin (Blocks, Page Builder & Site Editor) is affected by a Stored Cross-Site Scripting vulnerability up to version 3.8.0. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated users with editor-level permissi...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/27 5:33 a.m.36 views

CVE-2026-13245 MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 1:27 a.m.15 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....

4.4CVSS5.9AI score0.00251EPSS
Exploits0References10
Rows per page
Query Builder