7 matches found
CVE-2026-7686 eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...
PT-2026-37156
Name of the Vulnerable Software and Affected Versions: locize versions prior to 4.0.21. Description: The locize client SDK registers a window.addEventListener("message", …) handler that dispatches to internal handlers such as editKey, commitKey, commitKeys, isLocizeEnabled, and requestInitialize witho...
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor, which stems from the postMessage handler not validating the source of a message, and could lead to stored cross-site scripting...
CVE-2025-12077
The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12077
CVE-2025-12077 refers to the WP to LinkedIn Auto Publish WordPress plugin. It is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to and including 1.9.8 due to insufficient input sanitization and output escaping. The vulnerability allows unauthenticated atta...
WordPress WP2Social Auto Publish plugin <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes (nico) in WordPress Plugin WP2Social Auto Publish versions <= 2.4.7...
CVE-2025-5062
The CVE-2025-5062 issue affects the WooCommerce plugin for WordPress, where PostMessage input data on the customize-store page is not properly sanitized or escaped. This allows unauthenticated attackers to inject arbitrary scripts in pages that a user visits if they can entice the user to perform...