Lucene search
K

3385 matches found

NVD
NVD
added 5 hours ago2 views

CVE-2026-57349

Unauthenticated Cross Site Scripting XSS in WPeMatico RSS Feed Fetcher = 2.8.17 versions...

7.1CVSS
Exploits0References1
CVE
CVE
added 6 hours ago5 views

CVE-2026-57349

CVE-2026-57349 affects the WordPress plugin WPeMatico RSS Feed Fetcher (versions

7.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 7 hours ago5 views

CVE-2026-13252

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS
Exploits0References6
NVD
NVD
added 7 hours ago5 views

CVE-2026-13251

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago117 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

9.8CVSS7.6AI score0.39554EPSS
Exploits2References1
Nuclei
Nuclei
added 8 hours ago27 views

Changedetection.io RSS Single Watch - Cross-Site Scripting

changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of UUID path parameter in RSS single-watch endpoint, letting remote attackers execute JavaScript in victim's browser, exploit requires victim to visit crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...

6.1CVSS5.9AI score0.00445EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago25 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.5AI score0.04306EPSS
Exploits1References3
Patchstack
Patchstack
added yesterday4 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions = 5.2.1...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 3 days ago7 views

CVE-2026-57946

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS0.00272EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-57940

CVE-2026-57940 affects HTMLy 3.1.1 and describes an SSRF in the RSS feed import. The vulnerable code path is get_feed() in system/admin/admin.php, which passes user-supplied feed_url directly to file_get_contents() without validation. An authenticated admin can exploit this by supplying a crafted...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...

9.8CVSS7.2AI score0.00563EPSS
Exploits13References18
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.0021EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

RockyLinux 9 : kernel (RLSA-2026:27789)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...

9.8CVSS7.1AI score0.004EPSS
Exploits9References35
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: iavf: Fixed off-by-one issues in iavfconfigrssreg There are off-by-one bugs when configuring the RSS hash key and lookup table, causing out-of-bounds reads to memory 1 and out-of-bounds writes to device registers. Before commi...

5.5CVSS6AI score0.00114EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.5 views

kernel: bnxt_en: Fix RSS context delete logic

A flaw was found in the bnxten driver of the Linux kernel. An issue in the RSS Receive Side Scaling context deletion logic can lead to a leak of VNICs Virtual Network Interface Controllers in the firmware. This can cause subsequent attempts to create new VNICs to fail, resulting in the loss of...

7.8CVSS7AI score0.00138EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: A memory out-of-bounds issue was fixed in bnxtfillhwrsstbl. A recent commit modified the code in bnxtreserverings to set the default RSS indirection table to the default value only when the number of RX rings is changing...

5.5CVSS5.8AI score0.0018EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: idpf: Fixed the issue where the RSS LUT NULL pointer dereference occurred after a soft reset. During a soft reset, the RSS LUT is freed and not restored unless the interface is active. If an ethtool command that accesses the R...

5.5CVSS5.4AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 12:0 a.m.5 views

ALSA-2026:27288 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: rxrpc: Fix RxGK token loading t...

9.8CVSS6.6AI score0.004EPSS
Exploits9References32
Rows per page
Query Builder