Lucene search
+L

71 matches found

NVD
NVD
added 2026/06/19 6:17 a.m.19 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/19 4:31 a.m.12 views

EUVD-2026-37982

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-12157

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS6AI score0.00212EPSS
Exploits0References7
CVE
CVE
added 2026/06/19 4:31 a.m.27 views

CVE-2026-12157

CVE-2026-12157 affects the WordPress plugin BetterDocs (Knowledge Base Docs & FAQ Solution for Elementor & Block Editor). Versions up to 4.5.3 are vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block. Root cause: CategorySlate...

6.4CVSS6AI score0.00212EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.33 views

CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute

The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...

6.4CVSS0.00212EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
Snyk
Snyk
added 2026/06/18 1:7 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting content with malicious URL...

5.4CVSS5.9AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:7 p.m.4 views

Cross-site Scripting (XSS)

Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the url field in Slate link or image nodes during rich-text rendering and parsing. An attacker can execut...

5.4CVSS5.9AI score0.00239EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/18 1:7 p.m.8 views

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50737

Name of the Vulnerable Software and Affected Versions @tinacms/mdx versions prior to 2.1.7 tinacms versions prior to 3.9.3 Description Rich-text parsing and the default link/image renderers fail to sanitize the url field on Slate link/image nodes. This allows content containing javascript: or...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS5.4AI score0.00131EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 12:16 p.m.16 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS0.00131EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 12:16 p.m.16 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

8.4CVSS0.00122EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 11:49 a.m.32 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The root cause is a PID-based client validation that is vulnerable to a time-of-check time-of-u...

8.4CVSS5.4AI score0.00131EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 11:49 a.m.46 views

CVE-2026-24067 Slate Digital Connect macOS XPC PID validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

0.00131EPSS
Exploits1References1
CVE
CVE
added 2026/06/10 11:43 a.m.91 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS exposes a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that serves an XPC service (com.slatedigital.connect.privileged.helper.tool2). The root cause is that the helper validates connecting XPC clients by checking only the subject....

8.4CVSS5.4AI score0.00122EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 11:43 a.m.45 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

0.00122EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Slate Digital Connect 安全漏洞

Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from the XPC service verifying the client only based on the subject.OU value of the client’s...

8.4CVSS5.4AI score0.00122EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Slate Digital Connect 安全漏洞

Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from a check-time and usage-time race condition in the PID-based client authentication process. ...

8.4CVSS5.3AI score0.00131EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48401

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.1AI score0.00131EPSS
Exploits1References7
Rows per page
Query Builder