Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38681

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/05/20 5:16 a.m.40 views

CVE-2026-5075

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...

4.3CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 3:28 a.m.43 views

CVE-2026-5075 All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure via 'internalOptions' Localized Script Data

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...

4.3CVSS0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 3:28 a.m.15 views

CVE-2026-5075

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 6:31 p.m.14 views

GHSA-M2PG-C7M6-77PJ uutils coreutils has an Improper Input Validation Issue in its cut Utility

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.8AI score0.00157EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/08 6:1 p.m.20 views

CVE-2026-34718 Zammad improperly neutralizes of script-related HTML tags in ticket articles

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

5.3CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-0833

Malware in sbrugna...

7.2CVSS6.4AI score0.00348EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2014/01/14 12:0 a.m.8 views

Possible XSS when using Spring MVC

The JavaScriptUtils.javaScriptEscape method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in an XSS...

5.4CVSS6.5AI score0.03198EPSS
Exploits0References2
Rows per page
Query Builder