
3866 matches found

Positive Technologies
added 2026/02/21 12:0 a.m. | 4 views

PT-2026-21355

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A flaw exists in the TeX filter administrative settings due to inadequate input sanitization, potentially leading to command injection. This issue affects systems with the TeX filter enabled a...

CVSS 7.2 | AI score 5.9 | EPSS 0.02202
Exploits: 0 | References: 9

CNNVD
added 2026/02/21 12:0 a.m. | 7 views

Tenda A21 security vulnerability

The Tenda A21 is a wireless signal extender produced by the Chinese company Tenda. Version 1.0.0.0 of the Tenda A21 contains a security vulnerability. This vulnerability stems from the formfastsettingwifiset function in the /goform/fastsettingwifiset file, where there is a stack buffer overflow du...

CVSS 9 | AI score 7.5 | EPSS 0.00568
Exploits: 1 | References: 5

RedhatCVE
added 2026/02/20 7:22 a.m. | 6 views

CVE-2026-2282

The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 1

CVE
added 2026/02/20 12:0 a.m. | 8 views

CVE-2026-26747

Monica 4.1.2 is affected by a Host Header Poisoning issue caused by improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, compounded by the default app.force_url being unset/false. The app constructs absolute URLs (e.g., password reset links) using the user-supplied H...

CVSS 9.1 | AI score 5.7 | EPSS 0.00391
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/02/19 8:25 p.m. | 8 views

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

CVSS 7.3 | EPSS 0.00198
Exploits: 1 | References: 2

CVE
added 2026/02/19 9:26 a.m. | 15 views

CVE-2026-2716

CVE-2026-2716 concerns the WordPress plugin Client Testimonial Slider (WP). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the Testimonial Heading setting, affecting all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping, en...

CVSS 4.4 | AI score 5.7 | EPSS 0.00189
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/19 9:26 a.m. | 3 views

CVE-2026-2716 Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 4.4 | AI score 5.7 | EPSS 0.00189
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/19 8:59 a.m. | 6 views

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...

CVSS 7.2 | AI score 5.5 | EPSS 0.02202
Exploits: 0 | References: 2

Patchstack
added 2026/02/19 12:20 a.m. | 9 views

WordPress Client Testimonial Slider plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Client Testimonial Slider versions <= 2.0...

CVSS 4.4 | AI score 5.5 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/18 10:49 p.m. | 27 views

CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attack. An authenticated administrator can execute...

CVSS 9.1 | EPSS 0.00774
Exploits: 2 | References: 2

OSV
added 2026/02/18 10:7 p.m. | 3 views

GHSA-GQX7-99JW-6FPR LibreNMS affected by reflected xss via email field

Summary: reflected xss via email field. Details: 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input put this payload 3. notice the alert. PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact: can lead t...

CVSS 5.3 | AI score 5.5 | EPSS 0.00291
Exploits: 1 | References: 6

Vulnrichment
added 2026/02/18 6:42 a.m. | 3 views

CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting

The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...

CVSS 4.4 | AI score 5.7 | EPSS 0.00244
Exploits: 0 | References: 4

CVE
added 2026/02/18 6:42 a.m. | 14 views

CVE-2026-2281

CVE-2026-2281 affects the WordPress plugin Private Comment. It is a Stored Cross-Site Scripting (XSS) via the “Label text” setting, in all versions up to 0.0.4. Attack requires authenticated Administrator+ access and applies on multisite installations or where unfiltered_html is disabled. The vu...

CVSS 4.4 | AI score 5.7 | EPSS 0.00244
Exploits: 0 | References: 4

Patchstack
added 2026/02/18 12:12 a.m. | 8 views

WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Private Comment versions <= 0.0.4...

CVSS 4.4 | AI score 5.5 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m. | 7 views

PT-2026-20314

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP...

CVSS 2.7 | AI score 5.7 | EPSS 0.00718
Exploits: 0 | References: 5

SUSE CVE
added 2026/02/16 12:25 a.m. | 6 views

SUSE CVE-2026-23183

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max. An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page P...

AI score 5.2 | EPSS 0.00155
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/16 12:0 a.m. | 3 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

AI score 6.1 | EPSS 0.00322
Exploits: 1 | References: 2

Cvelist
added 2026/02/16 12:0 a.m. | 29 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

EPSS 0.00322
Exploits: 1 | References: 2

NVD
added 2026/02/14 5:15 p.m. | 5 views

CVE-2026-23183

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max. An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page P...

EPSS 0.00155
Exploits: 0 | References: 2

OSV
added 2026/02/14 5:15 p.m. | 3 views

UBUNTU-CVE-2026-23181

In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET command. Since the...

AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 5