Lucene search
K

49163 matches found

NVD
NVD
added 48 minutes ago2 views

CVE-2026-13042

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS
Exploits0References8
CVE
CVE
added 2 hours ago7 views

CVE-2026-13042

Technical details about CVE-2026-13042 are not publicly available in the provided documents; monitor for updates.

7.2CVSS6.2AI score
Exploits0References8
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-13042 RPB Chessboard <= 8.1.2 - Unauthenticated Stored Cross-Site Scripting via Comment Content

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS
Exploits0References8
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-44865

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 hours ago3 views

PT-2026-60406

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS6.2AI score
Exploits0References9
Github Security Blog
Github Security Blog
added yesterday5 views

systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux

Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...

6.3AI score
Exploits0References4Affected Software1
OSV
OSV
added yesterday2 views

GHSA-5XPP-75JX-M839 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux

Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...

8.7CVSS6.3AI score
Exploits0References4
OSV
OSV
added yesterday6 views

GHSA-7GCF-G7XR-8HXJ serde_with: KeyValueMap serialization panics on empty sequence or map entries

Summary The public KeyValueMap serializer assumes that each mapped element has at least one field or item to use as the map key, but it subtracts 1 from the caller-visible length before validating that assumption. An application that serializes attacker-controlled data through serdeasas =...

5.1CVSS6.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday8 views

serde_with: KeyValueMap serialization panics on empty sequence or map entries

Summary The public KeyValueMap serializer assumes that each mapped element has at least one field or item to use as the map key, but it subtracts 1 from the caller-visible length before validating that assumption. An application that serializes attacker-controlled data through serdeasas =...

6.1AI score
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added yesterday15 views

Exploit for CVE-2026-21045

CVE-2026-21045 & CVE-2026-21048 — Samsung libimagecodec.quram...

8.3CVSS6.3AI score0.00379EPSS
Exploits1
NVD
NVD
added yesterday6 views

CVE-2026-50182

WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...

6.1CVSS0.00094EPSS
Exploits0References2
OSV
OSV
added yesterday3 views

JLSEC-2026-770 OSGeo GDAL vulnerable to out-of-bounds read

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.6AI score0.00246EPSS
Exploits1References11
EUVD
EUVD
added yesterday4 views

EUVD-2026-44827

WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-50182 AVideo Has Unauthenticated Reflected XSS via $_GET['search'] in YouTubeAPI Gallery Pagination

WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...

6.1CVSS0.00094EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-50182

Summary (CVE-2026-50182) WWBN AVideo (API + YouTubeAPI + Layout plugins) is affected. Versions prior to 29.0 contain an unauthenticated Reflected XSS via the $_GET['search'] parameter used in the YouTubeAPI gallery pagination. The payload is injected into the hrefs of the previous/next page links...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-49459

A flaw was found in DOMPurify, a library designed to sanitize HTML, MathML, and SVG to prevent cross-site scripting XSS attacks. A remote attacker could exploit a vulnerability in the DOMPurify.sanitize function when used with the INPLACE: true option. This flaw allows an attacker to bypass the...

6.1CVSS6.2AI score0.00254EPSS
Exploits0References6
OSV
OSV
added yesterday3 views

MAL-2026-10670 Malicious code in eslintcmd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf4500fbbfc85f42275772210ace6efb69c5f90d9d0a5edd7c0c75fa271f0c3 The package's postinstall script scripts/install-check.cjs fetches a JSON config from https://slimopump.vercel.app/config/clob-math.json, downloads...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in eslintcmd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cf4500fbbfc85f42275772210ace6efb69c5f90d9d0a5edd7c0c75fa271f0c3 The package's postinstall script scripts/install-check.cjs fetches a JSON config from https://slimopump.vercel.app/config/clob-math.json, downloads...

6.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday60 views

SiYuan <= v3.5.9 - SVG Animate Element XSS

SiYuan = v3.5.9 contains a reflected XSS caused by insufficient SVG sanitization allowing SVG animation elements to inject executable JavaScript in /api/icon/getDynamicIcon endpoint, letting unauthenticated attackers execute scripts. id: CVE-2026-31807 info: name: SiYuan = v3.5.9 - SVG Animate...

6.4CVSS7.1AI score0.00445EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday18 views

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

6.1CVSS6.5AI score0.02072EPSS
Exploits2References3
Rows per page
Query Builder