Lucene search
+L

41 matches found

NVD
NVD
added 2026/07/01 11:16 a.m.9 views

CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 9:32 a.m.14 views

CVE-2026-10095

CVE-2026-10095 affects the WP Photo Album Plus plugin for WordPress. The flaw is a Stored Cross-Site Scripting (XSS) via the subtext parameter in all versions up to and including 9.1.13.005, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:32 a.m.8 views

CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-6253

Malware in sbrugna...

4.3CVSS6.4AI score0.01223EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-3043

Malware in sbrugna...

6.5CVSS6.4AI score0.01048EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2020/09/03 8:35 p.m.6 views

3nit-components (>=0.0.2 <=0.0.4), 3nit-utils (>=0.3.0 <=0.23.0) +1572 more potentially affected by unknown CVE via subtext (>=1.1.1 <=6.0.12)

subtext NPM version =1.1.1, =0.0.2, =0.3.0, =1.0.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =0.0.1, =0.1.0, =0.9.0, =1.0.7, =0.0.1, =1.0.8, =11.1.27-alpha.4606607431 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2MVQ-XP48-4C77...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/03 8:35 p.m.25 views

Denial of Service in subtext

All versions of subtext are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust system resources...

4.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/03 8:35 p.m.10 views

GHSA-2MVQ-XP48-4C77 Denial of Service in subtext

All versions of subtext are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust system resources...

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/09/03 8:33 p.m.28 views

Denial of Service in @commercial/subtext

Versions of @commercial/subtext prior to 5.1.1 are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may...

4.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 8:32 p.m.23 views

Denial of Service in @hapi/subtext

Versions of @hapi/subtext prior to 6.1.2 are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust...

4.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/03 8:32 p.m.6 views

GHSA-4RGJ-8MQ3-HGGJ Denial of Service in @hapi/subtext

Versions of @hapi/subtext prior to 6.1.2 are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust...

7.2AI score
Exploits0References2
OSV
OSV
added 2020/09/03 3:49 p.m.12 views

GHSA-36C4-4R89-6WHG Prototype Pollution in @commercial/subtext

Versions of @commercial/subtext prior to 5.1.2 are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 3:47 p.m.30 views

Prototype Pollution in @hapi/subtext

Versions of @hapi/pez prior to 4.1.2 or 5.0.1 are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which...

6.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 3:47 p.m.12 views

GHSA-G9CG-H3JM-CWRC Prototype Pollution in @hapi/subtext

Versions of @hapi/pez prior to 4.1.2 or 5.0.1 are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which...

6.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/03 3:47 p.m.27 views

Prototype Pollution in pez

All versions of pez are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which enforce access and privacy. If...

6.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/03 3:47 p.m.11 views

GHSA-G64Q-3VG8-8F93 Prototype Pollution in pez

All versions of pez are vulnerable to Prototype Pollution. A multipart payload can be constructed in a way that one of the parts’ content can be set as the entire payload object’s prototype. If this prototype contains data, it may bypass other validation rules which enforce access and privacy. If...

6.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/03 3:46 p.m.12 views

Denial of Service in content

Versions of content are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catching expected application...

7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/03 3:46 p.m.14 views

GHSA-CVFM-XJC8-F2VM Denial of Service in @commercial/subtext

Version 5.1.1 of @commercial/subtext is vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catching expecte...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 3:46 p.m.22 views

Denial of Service in @hapi/content

Versions of @hapi/content prior to 4.1.1 and 5.0.1 are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 3:46 p.m.11 views

GHSA-3WQH-H42R-X8FQ Denial of Service in @hapi/content

Versions of @hapi/content prior to 4.1.1 and 5.0.1 are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...

7AI score
Exploits0References1
Rows per page
Query Builder