58809 matches found
CVE-2026-8054
creationtimestamp| type| source ---|---|--- 2026-05-27 12:08:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmthwqhajr2p 2026-05-27 16:40:57+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mmtx4dglos2m 2026-05-27 16:40:58+00:00| seen|...
CVE-2026-3348
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-3349
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2026-2288
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...
CVE-2026-999999
creationtimestamp| type| source ---|---|--- 2026-05-27 11:00:04+00:00| seen| https://t.me/GithubRedTeam/86098 2026-05-27 21:02:47+00:00| seen| Telegram/ymQhnDFcziGLHK8SJX7axBvcDuNVbRkzysaenktlRf2qI3g...
CVE-2026-48784
creationtimestamp| type| source ---|---|--- 2026-05-27 10:04:13+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmtaxwk33y23 2026-05-27 14:35:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmtq4e3x7q2h...
CVE-2026-8042
creationtimestamp| type| source ---|---|--- 2026-05-27 09:53:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmtaf7ne3f2e...
CVE-2026-8906
creationtimestamp| type| source ---|---|--- 2026-05-27 09:29:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmt6zpts4t2i...
CVE-2026-3348
Summary: CVE-2026-3348 affects the MinhNhut Link Gateway WordPress plugin up to version 3.6.1. The issue is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in plugin settings (Description, Title, and other fields). Exploitation requires authenticat...
CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-3348 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-3349
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
EUVD-2026-32174
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-3349
The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...
CVE-2026-2288
CVE-2026-2288 affects the WordPress plugin myLinksDump (versions up to 1.6). The vulnerability is a Stored Cross-Site Scripting flaw triggered by the attack vector through the public-facing parameter 'link_title', caused by insufficient input sanitization and output escaping. Authentication requi...
CVE-2026-8942
creationtimestamp| type| source ---|---|--- 2026-05-27 09:11:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmt625haue2p...
CVE-2026-7618
creationtimestamp| type| source ---|---|--- 2026-05-27 09:00:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmt5gecmo52v...
CVE-2026-40834
creationtimestamp| type| source ---|---|--- 2026-05-27 08:11:16+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645525736344350 2026-05-27 08:12:06+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645529147227087...
CVE-2026-40812
creationtimestamp| type| source ---|---|--- 2026-05-27 08:11:15+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645525736344350 2026-05-27 08:12:06+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645529147227087...
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...