Lucene search
K

1523 matches found

CVE
CVE
added 8 hours ago7 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-15518

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS0.00366EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References6
OSV
OSV
added last week5 views

PYSEC-2026-1306 Reverb use after free vulnerability

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

6.1CVSS6.1AI score0.00123EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.12 views

CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS0.00217EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41249

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 5:35 a.m.19 views

CVE-2026-10089

CVE-2026-10089 concerns the WordPress plugin Insert Pages (versions up to 3.11.4). It describes a Stored XSS where the meta field key (not the value) is interpolated into rendered HTML without escaping when rendering a page via the [insert page] shortcode. The underlying cause is insufficient esc...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS0.00217EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 9:17 p.m.11 views

CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 9:2 p.m.38 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:2 p.m.7 views

CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 9:2 p.m.12 views

CVE-2026-54720

Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 9:2 p.m.6 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/01 5:21 p.m.5 views

WordPress Insert Pages plugin <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Pages versions = 3.11.4...

6.4CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.6 views

SUSE CVE-2026-13573

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...

4.8CVSS6AI score0.00124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54846

Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...

5.4CVSS6AI score0.00263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 8:0 p.m.8 views

CVE-2026-13573

A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the llvm::StringMap::insert function. This manipulation could lead to a denial of service, making the affected system or application unavailable. Mitigation Mitigation for this issue is either...

4.8CVSS5.9AI score0.00124EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-13573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of th...

4.8CVSS6AI score0.00124EPSS
Exploits0References4
Rows per page
Query Builder