Lucene search
K

41 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-12108 Highlighting Code Block <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'font_family' Setting

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 8:10 p.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17969

Malware in sbrugna...

7.5CVSS7.5AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11455

Malware in sbrugna...

6.1CVSS6.2AI score0.00399EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1787

Malware in sbrugna...

7.8CVSS7.7AI score0.00567EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-1675

Malware in sbrugna...

2.1CVSS6.4AI score0.00379EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23238

Malware in sbrugna...

6.1CVSS6.1AI score0.00662EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7526

Malware in sbrugna...

6.5CVSS6.6AI score0.01433EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0813

Malicious code in bioql PyPI...

6.5CVSS4.8AI score0.00311EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-42526

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00346EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-45600

Malicious code in bioql PyPI...

5.5CVSS5.6AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-26614

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00548EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24713

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00994EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-42711

Malicious code in bioql PyPI...

8.2CVSS8.2AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2025/05/29 12:0 a.m.56 views

CVE-2025-45474

CVE-2025-45474 affects maccms10 v2025.1000.4047, with a Server-Side Request Forgery (SSRF) vulnerability in Email Settings. The connected sources corroborate SSRF as the issue and note limited public remediation: a temporary workaround is to restrict access to Email Settings until a patch is avai...

7.3CVSS6.6AI score0.00319EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.9 views

CVE-2024-1746

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.6AI score0.00442EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.9 views

CVE-2024-6225

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 and 7.5.1 for the Pro version due to insufficient input sanitization and output escaping. This makes it possib...

4.8CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-3964

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...

4.3CVSS6.5AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.7 views

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:30 a.m.8 views

CVE-2022-4442

The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, i...

4.8CVSS5.8AI score0.0047EPSS
Exploits2References1
Rows per page
Query Builder