Lucene search
+L

2928 matches found

redhatcve
redhatcve
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.7AI score0.00476EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.4AI score0.00212EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 12:30 a.m.19 views

EUVD-2026-34188

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References3
nvd
nvd
added 2026/06/03 6:16 p.m.17 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

8.1CVSS0.00211EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.10 views

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has security vulnerabilities. These vulnerabilities stem from unvalidated UPnP IGD operations, which may allow unauthenticated LAN devices to create arbitrary por...

8.1CVSS5.5AI score0.00211EPSS
Exploits0References1
euvd
euvd
added 2026/06/03 12:0 a.m.20 views

EUVD-2026-34142

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

5.9AI score0.00211EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/03 12:0 a.m.10 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

5.9AI score0.00211EPSS
Exploits0References1
wordfence
wordfence
added 2026/06/02 4:36 p.m.12 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

9.8CVSS5.8AI score0.14608EPSS
Exploits11
nvd
nvd
added 2026/06/01 3:16 p.m.18 views

CVE-2026-48839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS0.00212EPSS
Exploits0References1
euvd
euvd
added 2026/06/01 2:43 p.m.15 views

EUVD-2026-33652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 2:43 p.m.16 views

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/01 2:43 p.m.16 views

CVE-2026-48839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 2:43 p.m.33 views

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

7.1CVSS0.00212EPSS
Exploits0References1
cve
cve
added 2026/06/01 2:43 p.m.38 views

CVE-2026-48839

CVE-2026-48839 affects the WordPress WP Statistics plugin

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/01 9:43 a.m.12 views

WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

WordPress plugin WP Statistics 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.1AI score0.00212EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.24 views

PT-2026-45438

Name of the Vulnerable Software and Affected Versions VeronaLabs WP Statistics versions prior to 14.16.6 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side JavaScript that process...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References4
fedora
fedora
added 2026/05/31 12:57 a.m.18 views

[SECURITY] Fedora 44 Update: netatalk-4.4.3-1.fc44

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...

9.9CVSS5.8AI score0.00516EPSS
Exploits0
redhatcve
redhatcve
added 2026/05/28 8:13 p.m.12 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References1
wizblog
wizblog
added 2026/05/28 1:34 p.m.16 views

State of Post Quantum Cryptography

Discussion of PQC relevant statistics that we see across our customers and other data sources...

5.8AI score
Exploits0
Rows per page
Query Builder