
55 matches found

GithubExploit
added 2026/04/24 10:15 a.m. · 130 views

Exploit for CVE-2026-3844

CVE-2026-3844 Breeze Cache ≤ 2.4.4 - Unauthenticated Arbitrary...

CVSS 9.8 · AI score 6.1 · EPSS 0.36512
Exploits: 8

RedhatCVE
added 2026/04/13 7:23 p.m. · 4 views

CVE-2026-5217

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 1

Patchstack
added 2026/04/13 11:1 a.m. · 5 views

WordPress Optimole plugin <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Optimole versions <= 4.2.2...

CVSS 7.2 · AI score 5.8 · EPSS 0.00438
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2026/04/11 3:30 a.m. · 2 views

EUVD-2026-21662

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 8

Vulnrichment
added 2026/04/11 1:24 a.m. · 3 views

CVE-2026-5217 Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 7

Cvelist
added 2026/04/11 1:24 a.m. · 30 views

CVE-2026-5217 Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · EPSS 0.00438
Exploits: 0 · References: 7

ATTACKERKB
added 2026/04/11 1:24 a.m. · 3 views

CVE-2026-5217

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 8

CVE
added 2026/04/11 1:24 a.m. · 16 views

CVE-2026-5217

The CVE covers the WordPress plugin Optimole (versions up to 4.2.2). It is vulnerable to an unauthenticated stored XSS via the srcset descriptor parameter (s) in the REST endpoint /wp-json/optimole/v1/optimizations. Root cause: insufficient input sanitization and output escaping, where sanitize_t...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 7

Positive Technologies
added 2026/04/11 12:0 a.m. · 5 views

PT-2026-32091

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's'...

CVSS 7.2 · AI score 6 · EPSS 0.00438
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-45501

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 8.7 · EPSS 0.00275
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/10 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-8372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a...

CVSS 4.8 · AI score 6.3 · EPSS 0.00574
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/09 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-8373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can...

CVSS 4.8 · AI score 6.2 · EPSS 0.00599
Exploits: 1 · References: 2

RedhatCVE
added 2025/02/05 3:26 a.m. · 4 views

CVE-2024-51702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS. This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4...

CVSS 7.1 · AI score 7.2 · EPSS 0.00275
Exploits: 0 · References: 1

SUSE Linux
added 2025/02/03 8:47 a.m. · 2 views

Security update for wget

This update for wget fixes the following issues: CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...

CVSS 6.2 · AI score 7.1 · EPSS 0.00672
Exploits: 0 · References: 4

OSV
added 2025/02/03 8:47 a.m. · 5 views

SUSE-SU-2025:20010-1 Security update for wget

This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 - Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...

CVSS 9.1 · AI score 7.3 · EPSS 0.00672
Exploits: 0 · References: 3

NVD
added 2024/11/09 1:15 p.m. · 26 views

CVE-2024-51702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS. This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4...

CVSS 7.1 · EPSS 0.00275
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/09 12:34 p.m. · 13 views

CVE-2024-51702 WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS. This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4...

CVSS 7.1 · AI score 7.2 · EPSS 0.00275
Exploits: 0 · References: 1

Cvelist
added 2024/11/09 12:34 p.m. · 20 views

CVE-2024-51702 WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ben.moody SrcSet Responsive Images for WordPress truenorth-srcset allows Reflected XSS. This issue affects SrcSet Responsive Images for WordPress: from n/a through <= 1.4...

CVSS 7.1 · EPSS 0.00275
Exploits: 0 · References: 1

CVE
added 2024/11/09 12:34 p.m. · 42 views

CVE-2024-51702

CVE-2024-51702: SrcSet Responsive Images for WordPress is affected by a Reflected XSS (Improper Neutralization of Input During Web Page Generation) in the plugin’s input handling. Affected version: SrcSet Responsive Images for WordPress up to 1.4. Exploitation details and remediation/version fix...

CVSS 7.1 · AI score 7.2 · EPSS 0.00275
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/09 12:0 a.m. · 2 views

PT-2024-34849 · WordPress · Srcset Responsive Images

Name of the Vulnerable Software and Affected Versions: SrcSet Responsive Images for WordPress versions 1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...

CVSS 7.1 · AI score 5.8 · EPSS 0.00275
Exploits: 0 · References: 5