Lucene search
K

1213 matches found

CVE
CVE
added yesterday16 views

CVE-2026-49981

CVE-2026-49981 (Twig) describes a bypass where the per-template allow-list verdict was cached at Template construction and could be reused after the sandbox state changed between renders. This affected twig/twig up to versions before 3.27.0, enabling a later sandboxed render to reuse an earlier c...

6CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added 2 days ago60 views

Shield Security WP Plugin <= 18.5.9 - Local File Inclusion

The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP fil...

9.8CVSS7.2AI score0.56567EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
CVE
CVE
added 6 days ago10 views

CVE-2026-59855

The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...

8.6CVSS6AI score0.00305EPSS
Exploits0References3
OSV
OSV
added 6 days ago2 views

CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS6.2AI score0.00305EPSS
Exploits0References5
NVD
NVD
added 6 days ago5 views

CVE-2026-13253

The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS0.00206EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57012

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...

8.6CVSS6.2AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56663

Name of the Vulnerable Software and Affected Versions ECA: Event - Condition - Action versions 0.0.0 through 2.1.20 ECA: Event - Condition - Action versions 3.0.0 through 3.0.12 ECA: Event - Condition - Action versions 3.1.0 through 3.1.4 Description Improperly controlled modification of...

6.1AI score0.00175EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/07 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Imager-1.032-1.fc44

Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...

7.5CVSS5.9AI score0.00375EPSS
Exploits0
NVD
NVD
added 2026/07/03 10:16 a.m.8 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS0.00266EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:31 a.m.8 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55522

Name of the Vulnerable Software and Affected Versions RTMKit versions prior to 2.0.8 Description The RTMKit rometheme-for-elementor plugin for WordPress contains a Local File Inclusion flaw. This occurs because the render templates AJAX endpoint does not properly validate the template parameter...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 8:44 p.m.5 views

GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)

Summary Logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled. Impact Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...

6.2CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.30 views

CVE-2026-14093

Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.21 views

CVE-2026-13937

CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/29 9:24 p.m.7 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.00221EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 9:14 p.m.12 views

CVE-2026-54067

SiYuan (prior to v3.7.0) is affected by a stored XSS in renderSnippet() where a CSS snippet containing breaks out of the surrounding tag during insertion, enabling injected JavaScript in the renderer. In Electron builds with nodeIntegration: true, this can reach Node APIs (e.g., child_process) a...

9.9CVSS6AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:14 p.m.20 views

CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

9.9CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-53946

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:8 p.m.3 views

CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS5.9AI score0.00122EPSS
Exploits0References3
Rows per page
Query Builder