Lucene search
K

5718 matches found

Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48554

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 8:49 p.m.31 views

CVE-2026-25557

CVE-2026-25557 affects Evoluted PHP Directory Listing Script

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 8:49 p.m.10 views

CVE-2026-25557 Evoluted PHP Directory Listing Script 4.0.5 Reflected XSS via dir parameter

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 7:15 p.m.11 views

CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.14 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.19 views

CVE-2026-8841

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 a.m.8 views

CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:41 a.m.12 views

EUVD-2026-35298

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.34 views

CVE-2026-8841 Extra Settings for RocketChat <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.14 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Evoluted PHP Directory Listing Script 跨站脚本漏洞

Evoluted PHP Directory Listing Script is a PHP-based directory indexing and file browsing script developed by the British company Evoluted. Versions of Evoluted PHP Directory Listing Script 4.0.5 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir...

5.4CVSS5.2AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47673

Name of the Vulnerable Software and Affected Versions Extra Settings for RocketChat versions prior to 0.2 Description The Extra Settings for RocketChat plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the rxstg shortcode function fails to properly sanitize...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/08 5:15 a.m.47 views

CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS0.00223EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 5:15 a.m.43 views

CVE-2026-11491

CodeAstro Human Resource Management System 1.0 is affected in the Notice Board Management component, file /notice/All_notice. The vulnerability is a cross-site scripting flaw triggered by manipulating the Notice Title with an input like in a POST. This allows remote exploitation with a publicly ...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 5:15 a.m.11 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/08 12:30 a.m.19 views

EUVD-2026-34992

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS5.1AI score0.00225EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47253

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. I...

4.8CVSS3.8AI score0.00223EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

CodeAstro Human Resource Management System 跨站脚本漏洞

The CodeAstro Human Resource Management System is a human resource management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Human Resource Management System has a cross-site scripting vulnerability. This vulnerability stems from incorrect handling of the Notice Title...

4.8CVSS4.3AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/07 9:45 p.m.37 views

CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS0.00225EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/07 9:45 p.m.11 views

CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References6
Rows per page
Query Builder