Lucene search
+L

367 matches found

Nuclei
Nuclei
added 12 hours ago49 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS8AI score0.00572EPSS
Exploits1References1
OSV
OSV
added 4 days ago3 views

CVE-2026-58487 HedgeDoc: Stored HTML injection via email local-part

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a...

5.1CVSS6.2AI score0.00358EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58487 HedgeDoc: Stored HTML injection via email local-part

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a...

5.1CVSS0.00358EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/17 8:44 a.m.9 views

[SECURITY] Fedora 44 Update: openslide-4.0.0-14.fc44

The OpenSlide library allows programs to access virtual slide files regardless of the underlying image format...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/06/17 8:26 a.m.9 views

[SECURITY] Fedora 43 Update: openslide-4.0.0-14.fc43

The OpenSlide library allows programs to access virtual slide files regardless of the underlying image format...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS3.6AI score0.00377EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 p.m.12 views

Summarize contains a path traversal vulnerability

Summarize prior to 0.15.0 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2026/05/18 6:52 p.m.18 views

CVE-2026-45242

The CVE-2026-45242 vulnerability affects the Summarize tool prior to version 0.15.1, exposing a path traversal flaw in the /v1/summarize daemon endpoint. An authenticated user can supply an absolute path or directory traversal sequence in the slidesDir parameter, allowing writes of slide_*.png an...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from a path traversal issue in the /v1/summarize daemon’s endpoints. This issue could allow authenticated users t...

7.1CVSS5.8AI score0.00396EPSS
Exploits1References1
NVD
NVD
added 2026/05/01 9:16 p.m.6 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS0.00377EPSS
Exploits0References6
OSV
OSV
added 2026/05/01 9:0 p.m.2 views

CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS3.9AI score0.00377EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 9:0 p.m.5 views

EUVD-2026-26720

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS4AI score0.00377EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:0 p.m.9 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS4AI score0.00377EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/01 9:0 p.m.33 views

CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS0.00377EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/01 9:0 p.m.6 views

CVE-2026-7596 nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS4AI score0.00377EPSS
Exploits0References6
CVE
CVE
added 2026/05/01 9:0 p.m.26 views

CVE-2026-7596

CVE-2026-7596 affects the Nextlevelbuilder product family “ui-ux-pro-max-skill” up to version 2.5.0. The issue is in the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py within the Slide Generator component, enabling a cross-site scripting (XSS) vulnerability. ...

5.3CVSS4AI score0.00377EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36548

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.11 views

UI UX Pro Max 跨站脚本漏洞

UI UX Pro Max is Next Level Builder open source a cross-platform UI/UX intelligent design system generation tool. UI UX Pro Max 2.5.0 and earlier versions have a cross-site scripting vulnerability that originates from improper manipulation of the data.get function in the...

5.3CVSS5.5AI score0.00377EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.33 views

CVE-2026-5767 SlideShowPro SC <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'album' Shortcode Attribute

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/05 10:55 a.m.12 views

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

6.4CVSS6.1AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder