Lucene search
K

4505 matches found

Cvelist
Cvelist
added 2026/06/25 1:12 p.m.29 views

CVE-2026-54821 WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.15 views

CVE-2026-54821

The CVE-2026-54821 entry concerns the WordPress Visual Link Preview plugin, affected versions are

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52575

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description Broken access control allows any authenticated user to access arbitrary organization billing data. By supplying an arbitrary organizationId to the PreviewInvoiceController endpoints, an...

5.3CVSS5.9AI score0.00248EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.4 views

PT-2026-52491

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...

5.4CVSS6AI score0.0014EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52410

Name of the Vulnerable Software and Affected Versions Visual Link Preview versions 2.3.1 and earlier Description Subscriber sensitive data exposure occurs in the software, potentially allowing unauthorized access to private information. Recommendations Disable or isolate the software immediately...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:28 p.m.16 views

CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:28 p.m.12 views

CVE-2026-31978

Summary: CVE-2026-31978 affects motionEye (pre-0.44.0). A path traversal flaw in the picture/movie preview endpoints (/picture/{id}/preview/{filename}) allows an authenticated, non-admin user to read arbitrary files on the host filesystem via the get_media_preview() path, since it doesn’t check f...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:14 p.m.15 views

CVE-2026-52798 Gogs: Stored XSS in `.ipynb` Preview

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS0.00429EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:17 p.m.9 views

CVE-2026-53943

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:13 p.m.27 views

CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:13 p.m.33 views

CVE-2026-53943

The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...

9.6CVSS5.9AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9710

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

7.7CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:0 a.m.8 views

EUVD-2026-38697

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

7.7CVSS6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:0 a.m.14 views

CVE-2026-9710

The CVE covers the premium Cornerstone WordPress component bundled with X Theme, affected versions before 7.8.8. Root cause: a CSS-preview request handler did not enforce capability checks and exposed the nonce to every logged-in user on wp-admin pages. Impact: any authenticated user can evaluate...

7.7CVSS6AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38656

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be use...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-12100 URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be use...

7.2CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 5:33 a.m.14 views

CVE-2026-12100

CVE-2026-12100 affects the WordPress URL Preview plugin. It is vulnerable to unauthenticated Server-Side Request Forgery via the url parameter in all versions up to and including 1.0. An unauthenticated attacker can cause the web application to issue requests to arbitrary locations from the web a...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 6:32 p.m.2 views

GHSA-RW9Q-97R9-8GVH motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/23 6:32 p.m.9 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/23 6:18 p.m.14 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS0.002EPSS
Exploits1References1
Rows per page
Query Builder