Lucene search
K

2777 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free flaw was discovered in hfsplusputsuper in fs/hfsplus/super.c within the Linux kernel. This flaw could allow a local user to cause a denial of service problem...

5.5CVSS6.7AI score0.002EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:48 a.m.14 views

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

8.8CVSS5.8AI score0.0035EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/15 10:16 p.m.28 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS0.00322EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:42 p.m.7 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/15 9:42 p.m.20 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 7:16 p.m.16 views

CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS0.00576EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 6:36 p.m.12 views

EUVD-2021-34820

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.34 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS0.00576EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.10 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
CVE
CVE
added 2026/05/15 6:36 p.m.18 views

CVE-2021-47965

CVE-2021-47965 affects WordPress plugin WP Super Edit (versions up to 2.5.4) and involves an unrestricted file upload in the FCKeditor component. The vulnerability allows uploading arbitrary files via the filemanager upload endpoint, enabling remote code execution and complete system compromise. ...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.6 views

CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

WordPress plugin WP Super Edit 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.9AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup order in the Banner component, leading to storage-based cross-site...

8.1CVSS5.6AI score0.00322EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41344

Name of the Vulnerable Software and Affected Versions WP Super Edit versions 2.5.4 and earlier Description The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.6 views

Zabbix 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27758)

The version of Zabbix Server installed on the remote host is prior to 7.0.24, 7.4.8. It is, therefore, affected by a stored cross-site scripting XSS vulnerability. An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that...

7.3CVSS5.7AI score0.00285EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.11 views

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/14 8:27 p.m.57 views

GHSA-CQP4-QQVG-3787 Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4
NVD
NVD
added 2026/05/14 3:16 p.m.50 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:30 p.m.8 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 2:30 p.m.21 views

CVE-2026-41937

Summary: CVE-2026-41937 affects Vvveb prior to 1.0.8.3. An unrestricted file upload in the plugin upload endpoint lets super_admin users craft a ZIP (plugin.php with a valid Slug header and public/index.php) that executes arbitrary PHP code as the web server user when accessed at the plugin’s pub...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References3
Rows per page
Query Builder