Lucene search
K

190 matches found

Debian CVE
Debian CVE
added 2026/03/26 7:40 p.m.3 views

CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS6AI score0.00519EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:40 p.m.4 views

CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

5.8AI score0.00519EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.10 views

PT-2026-28438

Name of the Vulnerable Software and Affected Versions versions prior to 2026-32287 Description Boolean XPath expressions that evaluate to true can cause an infinite loop within the logicalQuery.Select function, resulting in 100% CPU utilization. This condition can be initiated by top-level...

9.8CVSS5.9AI score0.00519EPSS
Exploits1References276
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.10 views

CVE-2025-12709

The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 6:43 a.m.34 views

CVE-2025-12709 Interactions – Create Interactive Experiences in the Block Editor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.17 views

WordPress Plugin Interactions: Cross-Site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.4CVSS5.7AI score0.00218EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : redis:7 (AXSA:2025-9608:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9608:01 advisory. redis: Redis' Lua library commands may lead to remote code execution CVE-2024-46981 redis: Redis allows denial-of-service due to malformed ACL...

9.8CVSS9.2AI score0.07934EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 redis: possible bypass of Unix socket permissions on startup CVE-2023-45145 redis:...

8.8CVSS8.6AI score0.04488EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.4 views

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of ServiceDoS vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with labelselectors on multiple V3 endpoints by generating an enormous SQL query...

7.5CVSS7.5AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.9 views

CVE-2022-0969

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...

4.8CVSS6.2AI score0.0073EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.7 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1CVSS6AI score0.0096EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/11 7:17 a.m.8 views

Incomplete Filtering

validator is vulnerable to Incomplete Filtering.The vulnerability is due to improper handling of Unicode variation selectors \uFE0F, \uFE0E, where these characters are not counted toward string length, allowing attackers to submit inputs far longer than intended and potentially causing data...

8.7CVSS7.2AI score0.00454EPSS
Exploits2References4Affected Software1
GithubExploit
GithubExploit
added 2025/12/11 3:10 a.m.450 views

Exploit for CVE-2025-12758

CVE-2025-12758: Validator.js isLength Unicode Variation Sele...

8.7CVSS6.8AI score0.00454EPSS
Exploits2
Snyk
Snyk
added 2025/12/02 6:50 a.m.1 views

Malicious Package

Overview chain-selectors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/11/29 5:20 p.m.4 views

EUVD-2025-199912

Malicious code in chain-selectors npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/29 5:20 p.m.8 views

Malicious code in chain-selectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7c7965dde4649d4adda7307f395134f22ed654c9a20b2c7dc9ea1b0c1dad9 The package chain-selectors was found to contain malicious code. Source: ghsa-malware 5632dc92ff1221e72c077781c43c1482a1a40fd5c703f95dd209890a4aa7941...

7AI score
Exploits0References1
OSV
OSV
added 2025/11/29 5:20 p.m.6 views

MAL-2025-191487 Malicious code in chain-selectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb7c7965dde4649d4adda7307f395134f22ed654c9a20b2c7dc9ea1b0c1dad9 The package chain-selectors was found to contain malicious code. Source: ghsa-malware 5632dc92ff1221e72c077781c43c1482a1a40fd5c703f95dd209890a4aa7941...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/28 6:3 a.m.7 views

CVE-2025-12758

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

8.7CVSS7.1AI score0.00454EPSS
Exploits2References1
EUVD
EUVD
added 2025/11/27 6:31 a.m.5 views

EUVD-2025-199795

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

8.7CVSS6.6AI score0.00454EPSS
Exploits2References4
OSV
OSV
added 2025/11/27 6:31 a.m.7 views

GHSA-VGHF-HV5Q-VC2G Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

8.7CVSS7.1AI score0.00454EPSS
Exploits2References7
Rows per page
Query Builder