Lucene search

712 matches found

NVD | added yesterday | 7 views

CVE-2026-13015

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php, where the $_GET['place']...

CVSS 6.1 | EPSS 0.00211
Exploits: 0 | References: 5

Cvelist | added yesterday | 13 views

CVE-2026-13015 WP Google Review Slider <= 18.1 - Reflected Cross-Site Scripting via 'place' Parameter

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php, where the $_GET['place']...

CVSS 6.1 | EPSS 0.00211
Exploits: 0 | References: 5

CVE | added yesterday | 10 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

CVSS 6.1 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 5

EUVD | added yesterday | 6 views

EUVD-2026-40896

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php, where the $_GET['place']...

CVSS 6.1 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 5

RedHat Linux | added 2 days ago | 4 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

CVSS 7.8 | AI score 7.3 | EPSS 0.96775
Exploits: 228 | References: 14

Circl | added 2026/06/23 9:00 p.m. | 6 views

CVE-2026-12488

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-23 21:00:08+00:00 | seen | https://infosec.place/objects/7f6c82b9-c033-48e7-9877-68f6450948a2... |

CVSS 6.2 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 1

Debian CVE | added 2026/06/23 12:00 a.m. | 4 views

CVE-2025-61018

An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0

AstraLinux | added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv – The ssizei check is moved to the beginning of essiv_aead_crypt, so it is also checked for decryption and in-place encryption operations...

AI score 5.7 | EPSS 0.00274
Exploits: 1 | References: 2

Positive Technologies | added 2026/06/19 12:00 a.m. | 13 views

PT-2026-50922

Name of the Vulnerable Software and Affected Versions: Chromacam version 4.0.3.0. Description: An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C:\ or subdirectories such as C:\Program Files (x86)\Personify to execute arbitrary code. By...

CVSS 8.5 | AI score 6.5 | EPSS 0.0012
Exploits: 0 | References: 8

Tenable Nessus | added 2026/06/19 12:00 a.m. | 6 views

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2430)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284); crypto: algif_aead - Revert to operating...

CVSS 8.8 | AI score 7.1 | EPSS 0.96775
Exploits: 255 | References: 3

Tenable Nessus | added 2026/06/19 12:00 a.m. | 5 views

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-2429)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284); crypto: algif_aead - Revert to operating...

CVSS 8.8 | AI score 7.1 | EPSS 0.96775
Exploits: 255 | References: 3

NVD | added 2026/06/17 10:40 a.m. | 7 views

CVE-2026-35262

Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware component: Market Place. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data...

CVSS 8.3 | EPSS 0.00387
Exploits: 0 | References: 1

Ubuntu | added 2026/06/16 10:30 p.m. | 17 views

USN-8440-1: Linux kernel (Azure) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 | AI score 6.6 | EPSS 0.96775
Exploits: 282

OSV | added 2026/06/16 10:30 p.m. | 12 views

USN-8440-1 linux-azure-6.8 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 | AI score 7.6 | EPSS 0.96775
Exploits: 282 | References: 394

Positive Technologies | added 2026/06/16 12:00 a.m. | 16 views

PT-2026-49840

Name of the Vulnerable Software and Affected Versions: Oracle Data Integrator version 12.2.1.4.0; Oracle Data Integrator version 14.1.2.0.0. Description: An issue exists in the Market Place component of the Oracle Data Integrator product of Oracle Fusion Middleware. A low privileged attacker with...

CVSS 8.3 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | References: 3

Tenable Nessus | added 2026/06/16 12:00 a.m. | 7 views

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2026-2425)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284); crypto: algif_aead - Revert to operating...

CVSS 8.8 | AI score 7.3 | EPSS 0.96775
Exploits: 255 | References: 3

Tenable Nessus | added 2026/06/16 12:00 a.m. | 5 views

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2026-2427)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284); crypto: algif_aead - Revert to operating...

CVSS 8.8 | AI score 7.3 | EPSS 0.96775
Exploits: 255 | References: 3

OSV | added 2026/06/15 8:00 p.m. | 10 views

GHSA-X4VX-RJVF-J5P4 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Summary: When `DOMPurify.sanitize(root, { IN_PLACE: true })` is called on an attacker-supplied live DOM node, DOMPurify still trusts `currentNode.nodeName` for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable `nodeName` is attacker-controlled can therefore be misclassifi...

AI score 5.5
Exploits: 0 | References: 2

Github Security Blog | added 2026/06/15 8:00 p.m. | 16 views

DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Summary: When `DOMPurify.sanitize(root, { IN_PLACE: true })` is called on an attacker-supplied live DOM node, DOMPurify still trusts `currentNode.nodeName` for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable `nodeName` is attacker-controlled can therefore be misclassifi...

AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1

OSV | added 2026/06/15 7:56 p.m. | 3 views

GHSA-HPCV-96WG-7VJ8 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks. CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — realm-bound `instanceof` checks fail-open on foreign-realm DOM nodes and CWE-50...

CVSS 6.1 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 2