Lucene search
K

450 matches found

Nuclei
Nuclei
added 11 hours ago7 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

7.2CVSS5.8AI score0.00782EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird

If a Thunderbird user quoted an HTML email, for example by replying to that email, and the email contained a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL would be made, regardless of any configuration that blocks remote...

8.1CVSS7.8AI score0.00528EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 10:9 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS incomplete validation of URI schemes in attributes such as action, formaction, data, poster, and background. An attacker can execute arbitrary scripts in the context of the user’s browser by injecting a crafted...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 8:50 p.m.20 views

CVE-2026-53606

A CVE-2026-53606 entry concerns ApostropheCMS (Node.js) and its dependency sanitize-html. The issue arises in sanitize-html versions prior to 2.17.5, where allowedSchemesAppliedToAttributes (default: ['href','src','cite']) do not cover all URI-bearing attributes (e.g., action, formaction, data, p...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:50 p.m.31 views

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.8 views

CVE-2026-27416

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.4AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS5.6AI score0.00455EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 4:43 p.m.10 views

GHSA-HHG7-C65M-H7FF Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

5.1CVSS5.8AI score0.00082EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/28 4:43 p.m.12 views

Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

5.8AI score0.00082EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 6.4 Description The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

5.1CVSS5.2AI score0.00082EPSS
Exploits0References14
Snyk
Snyk
added 2026/05/20 3:35 p.m.12 views

Cross-site Scripting (XSS)

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete URL attribute validation in UrlAttributeSanitizer. An attacke...

6.9CVSS5.5AI score0.00082EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 9:31 a.m.30 views

EUVD-2026-28336

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 9:16 a.m.26 views

CVE-2026-27416

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 8:38 a.m.23 views

CVE-2026-27416

The CVE-2026-27416 entry documents a Missing Authorization / Broken Access Control vulnerability in the WordPress PDF Poster plugin (versions

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 8:38 a.m.11 views

CVE-2026-27416

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 8:38 a.m.8 views

CVE-2026-27416 WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 8:38 a.m.51 views

CVE-2026-27416 WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS0.00182EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 8:36 a.m.13 views

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions = 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

WordPress plugin PDF Poster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Rows per page
Query Builder