
351 matches found

EUVD
added 2026/05/05 3:31 a.m. | 7 views

EUVD-2026-27171

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 6 AI score | 0.00152 EPSS
Exploits: 0 | References: 3
NVD
added 2026/05/05 3:15 a.m. | 15 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 0.00152 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/05/05 2:26 a.m. | 41 views

CVE-2026-2868 Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'separatorIconSVG'

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 0.00152 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/05 2:26 a.m. | 13 views

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions up to 3.5.3) is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-leve...

6.4 CVSS | 6 AI score | 0.00152 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/05 12:0 a.m. | 14 views

PT-2026-36950

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 6 AI score | 0.00152 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/05/05 12:0 a.m. | 13 views

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4 CVSS | 5.7 AI score | 0.00152 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/01 8:20 p.m. | 6 views

CVE-2026-31710

A flaw was found in the Linux kernel's Server Message Block (SMB) client. When mounting SMB1 UNIX shares, the system may incorrectly handle directory separators. This issue arises because flags related to POSIX Access Control Lists (ACLs) and paths are not properly updated, leading to the use of an...

5.5 CVSS | 5.8 AI score | 0.001 EPSS
Exploits: 0 | References: 4
NVD
added 2026/05/01 2:16 p.m. | 8 views

CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts. When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing...

5.5 CVSS | 0.001 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/01 1:56 p.m. | 3 views

CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts. When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing...

5.7 AI score | 0.001 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2026/05/01 1:56 p.m. | 7 views

CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts. When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing...

5.5 CVSS | 5.7 AI score | 0.001 EPSS
Exploits: 0
Oracle linux
added 2026/04/29 12:0 a.m. | 9 views

sudo security update

1.9.5p2-1.0.1.el810.5 - Fixes sudo -s unclosed sessions when usepty option used Orabug: 36952911 1.9.5p2-1.5 RHEL 8.10.0.Z ERRATUM - CVE-2026-35535 - Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166060 1.9.5p2-1.3 RHEL 8.10.0.Z ERRATUM - sudo passes SHELL environment...

7.4 CVSS | 5.2 AI score | 0.03239 EPSS
Exploits: 12
Hacker One
added 2026/04/21 10:11 p.m. | 7 views

Node.js: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat

Vulnerability description not provided...

7.7 CVSS | 5.8 AI score | 0.00674 EPSS
Exploits: 0
SUSE CVE
added 2026/04/20 11:26 p.m. | 4 views

SUSE CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.3 CVSS | 6 AI score | 0.00408 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/20 6:31 a.m. | 5 views

CVE-2026-32624

A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. An unauthenticated remote attacker can trigger a heap-based buffer overflow by sending a crafted, excessively long username and domain name. This vulnerability exists when the domain_user_separator is explicitly configured...

6.5 CVSS | 6 AI score | 0.00408 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-32624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where...

6.5 CVSS | 6.1 AI score | 0.00408 EPSS
Exploits: 0 | References: 3
OSV
added 2026/04/17 8:16 p.m. | 3 views

DEBIAN-CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.5 CVSS | 5.9 AI score | 0.00408 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/04/17 7:58 p.m. | 24 views

CVE-2026-32624 xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.3 CVSS | 0.00408 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/17 7:58 p.m. | 8 views

CVE-2026-32624 xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.3 CVSS | 6 AI score | 0.00408 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/17 7:58 p.m. | 5 views

EUVD-2026-23506

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.3 CVSS | 6 AI score | 0.00408 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2026/04/17 7:58 p.m. | 5 views

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

6.5 CVSS | 5.9 AI score | 0.00408 EPSS
Exploits: 0