
648 matches found

CNNVD
added 2026/01/27 12:00 a.m. | 6 views

OpenSSL security vulnerabilities

OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 5.5 | AI score 5.8 | EPSS 0.00176
Exploits: 1 | References: 3
NVD
added 2026/01/23 3:16 p.m. | 7 views

CVE-2026-24600

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS. This issue affects Penci Review: from n/a through <= 3.5...

CVSS 6.5 | EPSS 0.00198
Exploits: 0 | References: 1
NVD
added 2026/01/22 5:15 p.m. | 5 views

CVE-2025-27005

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through <= 5.3.5...

CVSS 7.1 | EPSS 0.0018
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/22 4:51 p.m. | 3 views

CVE-2025-32123

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS. This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <=...

CVSS 6.1 | AI score 5.3 | EPSS 0.00263
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/22 4:51 p.m. | 4 views

CVE-2025-27005

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through <= 5.3.5...

CVSS 6.1 | AI score 5.3 | EPSS 0.0018
Exploits: 0 | References: 2
CNNVD
added 2026/01/22 12:00 a.m. | 8 views

WordPress plugin lbg-vp2-html5-rightside has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.1 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/20 8:22 p.m. | 3 views

CVE-2026-23847

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...

CVSS 6.1 | AI score 5 | EPSS 0.00263
Exploits: 1 | References: 1
Tenable Nessus
added 2026/01/20 12:00 a.m. | 5 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM (CVE-2021-21703). php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705). Tenable has extracted the preceding...

CVSS 7.8 | AI score 5.6 | EPSS 0.01945
Exploits: 2 | References: 3
CNNVD
added 2026/01/13 12:00 a.m. | 4 views

TeamSpeak security vulnerability

TeamSpeak is voice software from the American company TeamSpeak. A security vulnerability exists in TeamSpeak version 3.5.6, which stems from insecure file permissions and could lead to a local attacker replacing executable files...

CVSS 8.5 | AI score 5.8 | EPSS 0.00194
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/09 12:38 p.m. | 8 views

CVE-2023-50441

Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...

CVSS 5.5 | AI score 7 | EPSS 0.00241
Exploits: 0 | References: 1
Patchstack
added 2026/01/08 1:13 p.m. | 8 views

WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara (Kinorth) in WordPress Plugin HTML5 Video Player with Playlist & Multiple Skins (versions <= 5.3.5)...

CVSS 6.1 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | Affected Software: 1
CVE
added 2025/12/31 12:51 p.m. | 10 views

CVE-2025-62743

CVE-2025-62743 affects MyBookTable Bookstore (Stormhill) up to version 3.5.6. It is an authenticated Stored Cross-Site Scripting vulnerability (Contributor+ level). Patch status: Unpatched in the connected Wordfence entry; no remediation details provided. Exploitation details are not described in...

CVSS 6.5 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 1
CNNVD
added 2025/12/31 12:00 a.m. | 6 views

libcoap security vulnerability

libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in libcoap version 4.3.5 and earlier, which stems from a stack buffer overflow during address parsing and could lead to a crash or remote code execution...

CVSS 9.8 | AI score 6.5 | EPSS 0.00637
Exploits: 0 | References: 4
CNNVD
added 2025/12/27 12:00 a.m. | 4 views

SiYuan security vulnerability

SiYuan is a privacy-first personal knowledge management system from SiYuan Open Source. A security vulnerability exists in SiYuan 3.5.1 and prior versions that stems from the use of hard-coded encryption keys for session storage, which could lead to session hijacking...

CVSS 8.1 | AI score 6.5 | EPSS 0.00197
Exploits: 1 | References: 2
EUVD
added 2025/12/16 7:21 a.m. | 4 views

EUVD-2025-203523

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...

CVSS 5.3 | AI score 4.9 | EPSS 0.00189
Exploits: 0 | References: 3
CNNVD
added 2025/12/12 12:00 a.m. | 4 views

jshERP security vulnerability

jshERP (Huaxia ERP) is a homegrown ERP system by the Chinese individual developer Ji Sheng Hua. A security vulnerability exists in jshERP v3.5 and earlier versions, which stems from a stored cross-site scripting vulnerability in the /msg/add endpoint...

CVSS 4.6 | AI score 5.8 | EPSS 0.00145
Exploits: 1 | References: 2
UbuntuCve
added 2025/12/09 1:16 a.m. | 7 views

CVE-2022-50635

In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe I found a null pointer reference in arch_prepare_kprobe: echo 'p cmdline_proc_show' kprobe_events echo 'p cmdline_proc_show+16' kprobe_events Kernel attempted to read user...

AI score 6.3 | EPSS 0.00171
Exploits: 0 | References: 6
Positive Technologies
added 2025/12/09 12:00 a.m. | 4 views

PT-2025-49996

Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through <= 3.5.1...

AI score 6.9 | EPSS 0.00107
Exploits: 0 | References: 2
EUVD
added 2025/12/08 6:30 p.m. | 4 views

EUVD-2025-201786

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...

CVSS 6.5 | AI score 5.9 | EPSS 0.00224
Exploits: 0 | References: 3
Fedora
added 2025/12/05 2:11 a.m. | 7 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5a-1.fc43

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 7 | EPSS 0.00415
Exploits: 0