Lucene search
K

579 matches found

Nuclei
Nuclei
added 15 hours ago38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.1AI score0.03847EPSS
Exploits14References5
Nuclei
Nuclei
added yesterday100 views

WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...

8.8CVSS7.4AI score0.20813EPSS
Exploits2References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-39123

SiYuan: Stored XSS to RCE via CSS-snippet breakout in renderSnippet...

9.9CVSS6.1AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-59832

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS0.00316EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-59832

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS6AI score0.00316EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS0.00316EPSS
Exploits0References3
CVE
CVE
added 6 days ago9 views

CVE-2026-59832

SiYuan before 3.7.1 is affected by an authenticated path traversal in the /snippets/*filepath route (serveSnippets) where the handler in kernel/server/serve.go joins a single-decoded path with the snippets directory without subpath containment or sensitive-path checks, allowing requests like /sni...

7.7CVSS6AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

CVE-2026-59832 SiYuan: Authenticated path traversal in /snippets/ static handler (serveSnippets) leaks conf/conf.json secrets and siyuan.db

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticat...

7.7CVSS6.1AI score0.00316EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-57007

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated user can read workspace secrets and the document database. This occurs because the /snippets/filepath endpoint uses the serveSnippets function in kernel/server/serve.go, which joins a...

7.7CVSS6.1AI score0.00316EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.5 views

CVE-2026-56049

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39380

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-56049

CVE-2026-56049 affects WordPress Post Snippets plugin and is a Remote Code Execution vulnerability in versions

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.34 views

CVE-2026-56049 WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS0.00351EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/25 11:26 a.m.10 views

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.24 views

PT-2026-52431

Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.13 views

CVE-2026-7430

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5748

The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ts shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8832

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

8.8CVSS5.7AI score0.01214EPSS
Exploits2References1
NVD
NVD
added 2026/05/29 4:17 a.m.19 views

CVE-2026-7430

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...

4.4CVSS0.00244EPSS
Exploits0References8
CVE
CVE
added 2026/05/29 2:27 a.m.25 views

CVE-2026-7430

The CVE-2026-7430 affects the Post Snippets WordPress plugin (versions up to and including 4.0.19). The root cause is insufficient output escaping when importing snippets, where content is embedded directly into JavaScript strings in WPEditor.php (jqueryUiDialog) and bypasses wp_magic_quotes(), e...

4.4CVSS6.1AI score0.00244EPSS
Exploits0References8
Rows per page
Query Builder