15 matches found

EUVD
added 2026/06/18 12:56 p.m. · 8 views

EUVD-2026-37882

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

CVSS 5.1 · AI score 5.3 · EPSS 0.00293
Exploits: 0 · References: 2
RedhatCVE
added 2026/06/05 7:23 p.m. · 9 views

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVSS 5.3 · AI score 5.6 · EPSS 0.00236
Exploits: 0 · References: 1
OSV
added 2026/03/31 10:35 p.m. · 3 views

GHSA-VH89-RJPH-2G7P baserCMS has an SQL injection vulnerability in its blog post functionality

baserCMS has a SQL injection vulnerability in blog posts. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: Malicious SQL may be executed in blog posts. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page for more information...

CVSS 6.9 · AI score 5.9 · EPSS 0.00412
Exploits: 0 · References: 5
Positive Technologies
added 2025/10/27 12:00 a.m. · 5 views

PT-2025-43783

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS. This issue affects Query Posts: from n/a through = 0.3.2...

CVSS 5.4 · AI score 6 · EPSS 0.00191
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2017-9329

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.11123
Exploits: 6 · References: 6
Circl
added 2025/05/28 2:42 p.m. · 13 views

CVE-2025-32801

creationtimestamp | type | source
---|---|---
2025-05-28 14:42:56+00:00 | seen | https://seclists.org/oss-sec/2025/q2/176
2025-05-28 15:24:20+00:00 | seen | https://seclists.org/oss-sec/2025/q2/177
2025-05-28 16:15:52+00:00 | seen | https://seclists.org/oss-sec/2025/q2/178
2025-05-28 16:25:37+00:00 | seen...

CVSS 7.8 · AI score 5.7 · EPSS 0.00235
Exploits: 0 · References: 17
RedhatCVE
added 2025/05/23 9:22 a.m. · 6 views

CVE-2024-3275

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...

CVSS 4.3 · AI score 5.8 · EPSS 0.00534
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/09 8:09 a.m. · 13 views

CVE-2025-4171

The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVSS 6.4 · AI score 5.9 · EPSS 0.00203
Exploits: 0 · References: 1
Circl
added 2025/01/22 4:02 p.m. · 5 views

CVE-2024-52975

creationtimestamp | type | source
---|---|---
2025-01-22 16:02:59+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113872848727322418
2025-01-23 07:29:56+00:00 | seen | https://infosec.exchange/users/cve/statuses/113876493631662291
2025-01-23 08:03:12+00:00 | seen |...

CVSS 9 · AI score 5.8 · EPSS 0.00269
Exploits: 0 · References: 13
NVD
added 2025/01/16 8:15 p.m. · 6 views

CVE-2025-23476

Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through = 1.1...

CVSS 7.1 · EPSS 0.00197
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/16 12:00 a.m. · 4 views

PT-2024-36316 · Unknown · Linda Macphee-Cobb Category Of Posts

Name of the Vulnerable Software and Affected Versions: Linda MacPhee-Cobb Category of Posts versions n/a through 1.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...

CVSS 7.1 · AI score 6.9 · EPSS 0.00202
Exploits: 0 · References: 3
Prion
added 2022/04/21 8:15 p.m. · 19 views

Sql injection

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit...

CVSS 7.5 · AI score 9.7 · EPSS 0.01233
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2022/04/21 8:15 p.m. · 19 views

Sql injection

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=...

CVSS 7.5 · AI score 9.7 · EPSS 0.01233
Exploits: 1 · References: 1 · Affected Software: 1
ATTACKERKB
added 2022/01/31 4:15 p.m. · 7 views

CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...

CVSS 7.5 · AI score 7.3 · EPSS 0.0137
Exploits: 1 · References: 3
Cvelist
added 2014/04/09 11:00 p.m. · 28 views

CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

AI score 5.9 · EPSS 0.02368
Exploits: 0 · References: 5