Lucene search
K

712 matches found

NVD
NVD
added last week6 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added last week9 views

Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS6.1AI score0.0016EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/06 8:27 p.m.4 views

GHSA-MP2F-45PM-3CG9 Decompress: Archive extraction can create files and links outside of the target directory

Impact When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the...

9.1CVSS6AI score
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: Workarounds for stalls caused by disabling sticky operations. It is known that the sticky mode of the NIX SQ manager can cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE ma...

7.5CVSS6.2AI score0.00387EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

6.8CVSS6.3AI score0.01608EPSS
Exploits2References2
NVD
NVD
added 2026/05/20 2:16 a.m.12 views

CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS0.00245EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 1:25 a.m.11 views

EUVD-2026-31017

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS6AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.20 views

CVE-2026-6397

The WordPress Sticky plugin is affected up to version 2.5.6. In cvmh_sticky_front_render(), the readmoretext attribute from the cvmh-sticky shortcode is passed through apply_filters() and directly concatenated into HTML without escaping, enabling Stored Cross-Site Scripting. Exploitation requires...

6.4CVSS6AI score0.00245EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS6AI score0.00245EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.44 views

CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS6AI score0.00245EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

WordPress plugin Sticky 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/19 7:46 p.m.6 views

@142vip/fairy-cli (>=0.0.3-alpha.19 <=0.0.3-alpha.28), @better-builds/turbo-tools (>=6.0.0 <=7.4.4-beta.2) +14 more potentially affected by CVE-2026-45772 via turbo (>=1.3.1 <=2.9.12)

turbo NPM version =1.3.1, =0.0.3-alpha.19, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =3.0.1, =0.0.0-20220725115922, =0.0.234, =0.3.0, =1.5.1, =0.3.2, =0.5.0, =1.1.0, =1.4.1 - incmix-ui-components =0.0.1 and more Source cves: CVE-2026-45772 Source advisory: OSV:GHSA-3QCW-2RHX-2726...

9.8CVSS5.4AI score0.00386EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.12 views

WordPress Sticky plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sticky versions = 2.5.6...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/16 4:16 p.m.9 views

CVE-2021-47972

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and mak...

8.7CVSS0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/05/16 4:16 p.m.23 views

CVE-2021-47973

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...

8.7CVSS0.00284EPSS
Exploits0References2
Rows per page
Query Builder