Lucene search
+L

89 matches found

Cvelist
Cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-13704 GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequioa Form

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/06/09 12:25 p.m.43 views

CVE-2026-46330

The CVE-2026-46330 entry concerns the Linux kernel TCP ULP support for SMC. The vulnerability arises when an active TCP socket is converted into an SMC socket by in-place modifications to core VFS structures (struct file, dentry, inode), violating VFS invariants that expect these structures to be...

7.8CVSS5.4AI score0.00112EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting in the application introduction field,...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-1510

Malware in sbrugna...

5.5CVSS5.7AI score0.00404EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0128

Malware in sbrugna...

9.8CVSS7.3AI score0.06031EPSS
Exploits1References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-41502

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00302EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-51390

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00721EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/30 12:0 a.m.2 views

Microsegmentation in Zero Trust Part One: Introduction and Planning

The Journey to Zero Trust series covers cybersecurity capabilities and architecture supporting organization adoption of modern zero trust ZT principles. ZT’s core concept of never trust and always verify evolved from prior cybersecurity models. This current ZT series supports an organization’s ZT...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/17 4:53 a.m.11 views

Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.10 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

7.4CVSS6.9AI score0.00596EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:3 p.m.13 views

CVE-2020-18167

Cross Site Scripting XSS in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu"...

4.8CVSS6.9AI score0.00865EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.8 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin=addjf via CSRF, as demonstrated by a payload in the...

9.8CVSS7.9AI score0.02857EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:48 p.m.14 views

CVE-2005-2017

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540...

10CVSS6.8AI score0.01694EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.5 views

PT-2025-18482 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel, specifically in the net/9p module. The issue involves inconsistent lock state in the p9 req put function, which can be caused by...

5AI score0.00124EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/04/10 4:0 a.m.12 views

CVE-2025-31475

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...

5.5CVSS7.4AI score0.00322EPSS
Exploits0References1
HackRead
HackRead
added 2025/03/24 10:31 a.m.31 views

Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience

Paris, France, 24th March 2025, CyberNewsWire...

7.3AI score
Exploits0
NVD
NVD
added 2025/02/27 8:16 p.m.16 views

CVE-2025-21802

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...

5.5CVSS0.00191EPSS
Exploits0References10
OSV
OSV
added 2025/02/27 8:0 p.m.8 views

CVE-2025-21802 net: hns3: fix oops when unload drivers paralleling

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...

5.5CVSS6AI score0.00191EPSS
Exploits0References13
CVE
CVE
added 2025/02/27 8:0 p.m.181 views

CVE-2025-21802

CVE-2025-21802 is a Linux kernel issue affecting the networking driver path for hns3. The vulnerability arises during driver unload when the hclge path attempts to disable SR-IOV for each ae_dev in hnae3_ae_dev_list while the ae_dev list is being modified, which can cause an oops. The root cause ...

5.5CVSS6.5AI score0.00191EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder