Lucene search
K

1478 matches found

Patchstack
Patchstack
added 2026/05/27 2:55 p.m.13 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 2:16 a.m.18 views

CVE-2026-7493

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44098

Name of the Vulnerable Software and Affected Versions Gladinet Triofox Cloud Server Agent affected versions not specified Description Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...

9.8CVSS5.9AI score0.00305EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/26 7:46 p.m.37 views

CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

5.9CVSS0.00341EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/24 2:30 p.m.11 views

EUVD-2026-31544

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

10CVSS7.1AI score0.0209EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: A schedule point was added in ioaddbuffers. Looping 65535 times and making kmalloc calls can trigger soft lockups, especially with DEBUG features like KASAN. 253.536212 watchdog: BUG: Soft lockup – CPU64 stuck for 26...

3.3CVSS5.8AI score0.0016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Added schedule points in batch operations. SYZbot reported various soft lockups caused by BPF batch operations. INFO: Task kworker/1:1:27 was blocked for more than 140 seconds. INFO: Task hung during the rcubarrier...

3.3CVSS6AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 2:16 p.m.15 views

CVE-2025-40903

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 1:22 p.m.13 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 1:22 p.m.10 views

EUVD-2025-209896

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 1:22 p.m.6 views

CVE-2025-40903

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 1:22 p.m.20 views

CVE-2025-40903

Summary (technical details from sources): CVE-2025-40903 affects Guardian/CMC prior to version 26.1.0, in the Schedule Restore Archive function. A stored HTML injection flaw arises from improper validation of an input parameter in a restore schedule defined by an authenticated administrator. When...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/19 1:22 p.m.38 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS0.00194EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2026/05/19 12:0 a.m.23 views

HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

Summary A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. Impact An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim view...

5.9CVSS5.8AI score0.00194EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41890

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.8AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 10:24 p.m.40 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

0.00461EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 10:24 p.m.19 views

CVE-2026-43680

CVE-2026-43680 describes a remote code execution in Claris FileMaker Cloud where an Admin Console user could bypass a front-end restriction on OS Script schedule types and run arbitrary OS commands on the host. Documented impact suggests total compromise with HIGH confidentiality, integrity, and ...

7.2CVSS6.1AI score0.00461EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 10:24 p.m.7 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

6.1AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 10:22 p.m.13 views

CVE-2026-43878

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 8:35 p.m.9 views

CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a block. An attacker who sends a victim to a crafted URL can bre...

6.1CVSS6AI score0.00225EPSS
Exploits0References2
Rows per page
Query Builder