Lucene search
K

904 matches found

NVD
NVD
added 2026/04/23 2:16 a.m.5 views

CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 1:24 a.m.33 views

CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 1:24 a.m.16 views

CVE-2026-1923

CVE-2026-1923 affects the WordPress plugin Social Rocket – Social Sharing Plugin. The vulnerability is a stored XSS via the id parameter in all versions up to and including 1.3.4.2, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Subscriber l...

6.4CVSS5.9AI score0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 1:24 a.m.5 views

CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

WordPress plugin Social Rocket – Social Sharing Plugin 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34627

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.14 views

Rocket.Chat SQL注入漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...

9.8CVSS5.9AI score0.00416EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 11:30 p.m.7 views

CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

5.8AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34579

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

5.8AI score0.00416EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 5:0 p.m.4 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

5.9AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 5:0 p.m.22 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 5:0 p.m.14 views

CVE-2026-22560

CVE-2026-22560 is an open redirect vulnerability affecting Rocket.Chat prior to 8.4.0. The issue arises from manipulating parameters in the SAML endpoint to redirect users to arbitrary URLs, notably via the /_saml/sloRedirect/:provider flow where the redirect URL is placed directly in a Location ...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/04/10 9:16 a.m.111 views

Exploit for Special Element Injection in Rocket.Chat

Rocket.Chat CVE-2021-22911 Exploit ⚠️ DISCLAIMER - EDUCATI...

9.8CVSS7.4AI score0.95242EPSS
Exploits16
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions of Rocket.Chat prior to 8.4.0 contained a security vulnerability, which was caused by improper handling of SAML endpoint parameters. This vulnerability could lead to open redirection attacks...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.8 views

Rocket TRUfusion Enterprise - Server Side Request Forgery

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource. id: CVE-2025-32355 info: name: Rocket TRUfusi...

7.9CVSS7.4AI score0.01249EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS5.8AI score0.01249EPSS
In wildExploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-23305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could ...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-28044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/25 5:1 p.m.4 views

CVE-2026-23305

A flaw was found in the accel/rocket component of the Linux kernel. This vulnerability arises from improper error handling during the unwinding process in the rocketprobe function. When the rocketcoreinit function fails, the system does not correctly manage resources, leading to out-of-bounds...

5.7AI score0.00124EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.10 views

SUSE CVE-2026-23305

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder