Lucene search
K

227 matches found

NVD
NVD
added 2 days ago10 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
CVE
CVE
added 2 days ago12 views

CVE-2026-12114

The CVE-2026-12114 entry concerns the WordPress plugin “Team Members – Multi Language Supported Team”. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings present in all versions up to 8.7, caused by insufficient input sanitization and output escaping. It affects multisite i...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-40249

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-12114 Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago11 views

CVE-2026-12114

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.4CVSS5.9AI score0.00212EPSS
Exploits0References9
Patchstack
Patchstack
added 3 days ago5 views

WordPress Team Members – Multi Language Supported Team Plugin plugin <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AveronSec - Averon Security in WordPress Plugin Team Member versions = 8.7...

4.4CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 3:46 p.m.12 views

CVE-2026-3433 Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

4.3CVSS5.3AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities, which stem from improper permission authorization checks by team...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.11 views

WordPress Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin <= 2.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Team Members – GS Plugins versions = 2.5.8...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.7 views

WordPress Team Members Showcase plugin <= 3.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Team Members versions = 3.3.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Hoppscotch 跨站脚本漏洞

Hoppscotch is an open-source API development environment created by Hoppscotch. Versions of Hoppscotch prior to 2026.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the display names in tooltips created by team members, which had a storage-based cross-site...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/02 8:38 p.m.5 views

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Nikolas - mdr in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

6.4CVSS8.3AI score0.00427EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:24 p.m.7 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00423EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:59 a.m.8 views

CVE-2018-19621

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team...

6.5CVSS6.8AI score0.00447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/06 6:5 p.m.5 views

CVE-2025-59955

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints allows...

7.1CVSS6.2AI score0.00252EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 5:46 p.m.27 views

CVE-2025-59955 Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints allows...

7.1CVSS0.00252EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/05 5:46 p.m.3 views

CVE-2025-59955 Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints allows...

7.1CVSS5.8AI score0.00252EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/05 5:46 p.m.3 views

EUVD-2025-206247

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints allows...

7.1CVSS5.7AI score0.00252EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 5:46 p.m.12 views

CVE-2025-59955

Coolify (versions ≤ 4.0.0-beta.420.8) has an information disclosure in /api/v1/teams/{team_id}/members and /api/v1/teams/current/members, allowing authenticated team members to access the email_change_code of other users on the same team. This code is intended for single-use email-change verifica...

7.1CVSS5.8AI score0.00252EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.5 views

PT-2026-1315

Name of the Vulnerable Software and Affected Versions Coolify versions prior to and including 4.0.0-beta.420.8 Description Coolify is a self-hostable tool for managing servers, applications, and databases. The /api/v1/teams/team id/members and /api/v1/teams/current/members API endpoints allow...

7.1CVSS6.3AI score0.00252EPSS
Exploits1References4
Rows per page
Query Builder