Lucene search
K

462 matches found

Nuclei
Nuclei
added yesterday60 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS6.9AI score0.01594EPSS
Exploits1References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42909

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS6.1AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55517

Name of the Vulnerable Software and Affected Versions Zakra versions prior to 4.2.1 Description The Zakra theme for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the theme registers three post meta fields—zakra menu item color, zakra menu item hover color, and zakra...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.41 views

CVE-2026-10096 Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...

4.3CVSS0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 7:53 a.m.14 views

CVE-2026-10096

The Qi Blocks WordPress plugin is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.4.9 via the page_id parameter. Authenticated users with author-level access can modify stored Qi Blocks styles on arbitrary posts, templates, or widgets, including site-wide surf...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:16 p.m.3 views

DEBIAN-CVE-2026-13836

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS6AI score0.0022EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/27 1:12 a.m.7 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03552EPSS
Exploits4
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:30 p.m.6 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52899

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description The rich text rendering pipeline uses an overly permissive configuration for inline style sanitization. This allows authenticated users with write access to formattable text fields, such as work...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 9:0 p.m.9 views

Improper Encoding or Escaping of Output

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:24 p.m.15 views

Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/09 5:24 p.m.11 views

MAL-2026-5437 Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.4AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11156

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00152EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.14 views

Exploring the Connection between Coding Habits and Cognitive Styles in Malware Developers

Malware research primarily studies the results, the methods, and the impact. Even from an offensive security perspective, what is examined is the method, not the development strategy of the offender. This study investigates the behavioral signatures and coding patterns embedded in the malware...

5.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.18 views

SUSE CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 7:11 p.m.76 views

CVE-2026-48843

Roundcube Webmail 1.6.x (1.6.14–1.6.16) and 1.7.x before 1.7.1 expose an issue where insufficient CSS sanitization in HTML email messages can cause SSRF or information disclosure, for example via stylesheet links pointing to local network hosts. This stems from an insufficient fix for CVE-2026-35...

7.2CVSS5.8AI score0.0036EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When saving a page as a PDF, certain font styles might lead to a potential “use-after-free” crash. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

8.8CVSS6.8AI score0.00587EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-6378

The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/maxi-blocks/v1.0/style-card REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the scstyles parameter. This makes it possible...

6.4CVSS6AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder