Lucene search
K

800 matches found

CVE
CVE
added 2026/05/02 5:29 a.m.51 views

CVE-2026-5109

The Gravity Forms WordPress plugin (versions up to and including 2.10.0) is vulnerable to Stored Cross-Site Scripting via the Product Option field. The root cause is insufficient validation and output escaping: the state validation accepts wp_kses()-sanitized values that match legitimate options ...

7.2CVSS6AI score0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/02 5:29 a.m.8 views

EUVD-2026-26741

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36573

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.38 views

CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

Merative Merge PACS 跨站请求伪造漏洞

Merative Merge PACS is a medical imaging archiving and communication system developed by the American company Merative. Version 7.0 of Merative Merge PACS contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to execute...

6.9CVSS5.8AI score0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013561 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla:...

5.7AI score0.00206EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010955 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla:...

5.9AI score0.00206EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/16 3:59 p.m.119 views

cve-deep-dives

CVE Deep-Dives In-depth technical analyses of significant v...

10CVSS7AI score0.99999EPSS
Exploits365
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-2389

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the revertdivstosummary function replacing " HTML entities with literal double-quote characters " in post content without...

4.9CVSS6AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Git MCP Server 操作系统命令注入漏洞

Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...

5.3CVSS6.1AI score0.00697EPSS
Exploits0References7
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-3022

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...

7.1CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 10:11 a.m.15 views

CVE-2026-3022

The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/11 12:12 a.m.29 views

GHSA-2XC6-348P-C2X6 Sylius affected by IDOR in Cart and Checkout LiveComponents

Impact An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...

7.1CVSS5.9AI score0.0029EPSS
Exploits0References3
Veracode
Veracode
added 2026/03/05 8:55 a.m.8 views

Missing Authorization

github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...

5.3CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/22 12:20 a.m.6 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

5.4CVSS5.7AI score0.00187EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38194)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38194 advisory. - In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were...

5.5CVSS5.4AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 5:16 p.m.4 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

5.4CVSS5.9AI score0.00187EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/21 12:0 a.m.2 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

5.4CVSS5.6AI score0.00187EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/21 12:0 a.m.18 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

0.00187EPSS
Exploits1References2
CVE
CVE
added 2026/01/21 12:0 a.m.12 views

CVE-2025-57681

The CVE-2025-57681 entry covers a Cross-Site Scripting (XSS) vulnerability in the WorklogPRO - Timesheets for Jira plugin for Jira Data Center. Concrete details from connected sources show: affected software and versions (WorklogPRO - Timesheets for Jira ≤ before 4.23.6-jira10 and ≤ before 4.23.5...

5.4CVSS5.7AI score0.00187EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder