CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

151 matches found

EUVD-2026-33885

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

6.4CVSS6AI score0.00056EPSS

Exploits0References9

Cvelist•added 2 days ago•31 views

CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00056EPSS

Exploits0References9

ATTACKERKB•added 2 days ago•5 views

CVE-2026-4081

6.4CVSS6AI score0.00056EPSS

Exploits0References10

Vulnrichment•added 2 days ago•4 views

CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS6AI score0.00056EPSS

Exploits0References9

CVE•added 2 days ago•8 views

CVE-2026-4081

The CVE concerns the ZeM STL plugin for WordPress, affected in all versions up to 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the [zemstl] shortcode caused by insufficient input sanitization and output escaping of user-supplied shortcode attributes, specifically 'url' , 'col...

6.4CVSS6AI score0.00056EPSS

Exploits0References9

Positive Technologies•added 2 days ago•6 views

PT-2026-45708

Name of the Vulnerable Software and Affected Versions ZeM STL plugin for WordPress versions prior to 1.1 Description Stored Cross-Site Scripting is possible via the zemstl shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Specifically, the url, colo...

6.4CVSS6AI score0.00056EPSS

Exploits0References11

Patchstack•added 3 days ago•7 views

WordPress ZeM STL plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin ZeM STL versions = 1.0...

6.4CVSS5.8AI score0.00056EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/05/05 2:20 a.m.•3 views

CVE-2026-7429

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

4.6CVSS5.9AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7435

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

8.6CVSS6.2AI score0.00164EPSS

Exploits0References1

Tenable Nessus•added 2026/05/02 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology OCCT V800rc5 exist in RWStlReader::ReadAscii because...

7.1CVSS5.8AI score0.00014EPSS

Exploits0References3

NVD•added 2026/05/01 3:16 p.m.•1 views

CVE-2026-42476

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology OCCT V800rc5 exist in RWStlReader::ReadAscii because buffers returned by StandardReadLineBuffer::ReadLine are not properly length-validated before strncasecmp or direct byte access...

7.1CVSS0.00014EPSS

Exploits0References1

OSV•added 2026/05/01 3:16 p.m.•2 views

DEBIAN-CVE-2026-42476

7.1CVSS5.8AI score0.00014EPSS

Exploits0References1

UbuntuCve•added 2026/05/01 3:16 p.m.•0 views

CVE-2026-42476

7.1CVSS5.8AI score0.00014EPSS

Exploits0References2

CNNVD•added 2026/05/01 12:0 a.m.•4 views

Open Cascade OCCT 缓冲区错误漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from two heap-based out-of-bounds reads in the RWStlReader::ReadAscii function in the STL ASCII file parse...

7.1CVSS6AI score0.00014EPSS

Exploits0References1

EUVD•added 2026/05/01 12:0 a.m.•3 views

EUVD-2026-26599

7.1CVSS5.8AI score0.00014EPSS

Exploits0References1

Vulnrichment•added 2026/05/01 12:0 a.m.•0 views

CVE-2026-42476

5.8AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/05/01 12:0 a.m.•5 views

PT-2026-36475

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology OCCT V8 0 0 rc5 exist in RWStl Reader::ReadAscii because buffers returned by Standard ReadLineBuffer::ReadLine are not properly length-validated before strncasecmp or direct byte access...

7.1CVSS5.8AI score0.00014EPSS

Exploits0References2

NVD•added 2026/04/30 9:16 p.m.•4 views

CVE-2026-7435

8.6CVSS0.00164EPSS

Exploits0References3

NVD•added 2026/04/30 8:16 p.m.•2 views

CVE-2026-7429

4.6CVSS0.00033EPSS

Exploits0References3

CVE•added 2026/04/30 7:45 p.m.•3 views

CVE-2026-7429

CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...

4.6CVSS5.3AI score0.00033EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by