Lucene search
+L

160 matches found

NVD
NVD
added 4 days ago3 views

CVE-2026-47423

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. In 3.4.4, DOMPurify allowed selectedcontent by default, allowing browsers to re-clone an XSS payload after sanitization so that unsanitized markup inside is returned. This issue is fixed in version 3.4.5...

8.2CVSS0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 8:30 a.m.36 views

CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/10 8:30 a.m.7 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References9
CVE
CVE
added 2026/07/04 7:45 p.m.22 views

CVE-2026-14649

The CVE-2026-14649 entry concerns code-projects Online Voting System 1.0. The vulnerability is in the test_input function of /saveVote.php, where manipulating the arguments voterName, voterEmail, voterID, or selectedCandidate leads to SQL injection. The flaw is exploitable remotely over the netwo...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 7:45 p.m.10 views

EUVD-2026-41693

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 7:45 p.m.9 views

CVE-2026-14649

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS7AI score0.00269EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/06/25 11:17 p.m.11 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 10:39 p.m.7 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS6AI score0.00279EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 10:39 p.m.7 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/25 10:39 p.m.44 views

CVE-2026-40083 Cacti: SQL Injection in managers.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52926 batman-adv: clear current gateway during teardown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References11
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.10 views

CSRF vulnerability and missing permission check in zdevops

zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.8AI score0.0014EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/09 1:16 p.m.12 views

CVE-2016-20065

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.26 views

CVE-2016-20065 Product Catalog 8 1.2 Plugin WordPress SQL Injection

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

8.8CVSS0.0027EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 2:7 p.m.9 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...

8.2CVSS6.2AI score0.00278EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/27 4:12 a.m.8 views

SUSE CVE-2023-51448

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

8.8CVSS7.4AI score0.09022EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/27 6:6 p.m.3 views

dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00278EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32850

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex paramete...

5.1CVSS6AI score0.00307EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/23 7:6 p.m.4 views

CVE-2026-32850 MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex paramete...

5.1CVSS6AI score0.00307EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/17 2:7 p.m.12 views

Uncontrolled recursion DoS in JustHTML() via deeply nested HTML

Summary justhtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, JustHTML.init always reaches TreeBuilder.finish, which unconditionally calls populateselectedcontent. That function recursively traverses the DOM via findelements / findelement without a depth bound,...

5.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder