Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

310 matches found

NVD
NVDadded 2 days ago8 views

CVE-2026-2382

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0003EPSS
Exploits0References4
Patchstack
Patchstackadded 2 days ago9 views

WordPress FPW Category Thumbnails plugin <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FPW Category Thumbnails versions = 1.9.5...

6.4CVSS5.8AI score0.0003EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2 days ago5 views

EUVD-2026-33887

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.0003EPSS
Exploits0References4
Cvelist
Cvelistadded 2 days ago33 views

CVE-2026-2382 FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2 days ago4 views

CVE-2026-2382

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.0003EPSS
Exploits0References5
CVE
CVEadded 2 days ago6 views

CVE-2026-2382

The FPW Category Thumbnails plugin for WordPress is affected by a Stored Cross-Site Scripting (Stored XSS) issue in all versions up to and including 1.9.5. The vulnerability arises from insufficient input sanitization and output escaping in the id parameter of the fpw_fs_get_file AJAX action, all...

6.4CVSS6AI score0.0003EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2 days ago2 views

CVE-2026-2382 FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpwfsgetfile' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.0003EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2 days ago4 views

PT-2026-45702

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw fs get file' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.0003EPSS
Exploits0References5
CNNVD
CNNVDadded 6 days ago5 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.0006EPSS
Exploits1References1
NVD
NVDadded 2026/05/27 7:16 a.m.9 views

CVE-2026-8899

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS0.00032EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/27 5:31 a.m.5 views

CVE-2026-8899 Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS6AI score0.00032EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 5:31 a.m.27 views

CVE-2026-8899 Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS0.00032EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/27 5:31 a.m.6 views

EUVD-2026-32093

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS6AI score0.00032EPSS
Exploits0References3
CVE
CVEadded 2026/05/27 5:31 a.m.11 views

CVE-2026-8899

The CVE-2026-8899 entry concerns the WordPress Auto Thumbnail plugin (versions up to 1.0). Affected component is the athn_thumbnails() function handling the thumbnails shortcode; width and height attributes are unsafely concatenated into an HTML tag, leading to Stored Cross-Site Scripting. Explo...

6.4CVSS6AI score0.00032EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.6 views

PT-2026-43531

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athn thumbnai...

6.4CVSS6AI score0.00032EPSS
Exploits0References4
Patchstack
Patchstackadded 2026/05/26 5:24 p.m.4 views

WordPress Auto Thumbnails plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Thumbnails versions = 1.0...

6.4CVSS5.8AI score0.00032EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/05/19 5:44 p.m.6 views

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

7.5CVSS6.8AI score0.89192EPSS
Exploits7References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.8 views

Malicious code in @antv/thumbnails (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.8 views

Malicious code in @antv/thumbnails-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
vulnersOsv
vulnersOsvadded 2026/05/19 12:0 a.m.4 views

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/thumbnails-component (>=2.0.0 <=2.0.0-alpha.2) potentially affected by unknown CVE via @antv/thumbnails (=2.0.0)

@antv/thumbnails NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/thumbnails and may be impacted: - @antv/auto-chart =2.0.0, =2.0.0, =2.0.0-alpha.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4088...

5.8AI score
Exploits0
Rows per page
Query Builder