Lucene search
K

1066 matches found

CVE
CVE
added yesterday7 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score
Exploits0References7
NVD
NVD
added yesterday7 views

CVE-2026-14906

Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4...

5.3CVSS
Exploits0References2
CVE
CVE
added yesterday16 views

CVE-2026-14906

The vulnerability CVE-2026-14906 affects Firefox for iOS. Pages with malicious titles could cause saved webpages-as-PDF content to overwrite existing PDF files or bundled content within the Firefox for iOS app sandbox. Affected component is the PDF-saving process; root cause details are not expli...

5.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-61492

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...

6.1CVSS0.0039EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-61492

The provided connected documents identify a concrete vulnerability in JetBrains YouTrack: stored XSS via article titles in digest emails, affecting versions prior to 2026.2.17394. The exact root cause is not detailed beyond this description, and there are no explicit exploit details or remediatio...

6.1CVSS6.1AI score0.0039EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42915

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...

6.1CVSS6.1AI score0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-61492

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...

3.5CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
CVE
CVE
added 4 days ago9 views

CVE-2026-15026

The CVE concerns the WordPress plugin “Import and export users and customers” (versions

4.3CVSS6.2AI score0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-58459

A flaw was found in gpsd, a service application that monitors one or more GPSes or AIS receivers. The gpsprof utility is vulnerable to a command injection. An attacker who can control the GPS device subtype value can embed malicious commands within the gnuplot plot title. When a user processes a...

9.6CVSS6.4AI score0.00726EPSS
Exploits1References8
NVD
NVD
added 4 days ago11 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS0.00314EPSS
Exploits0References8
CVE
CVE
added 4 days ago7 views

CVE-2026-15298

The TelSender WordPress plugin (

7.2CVSS6AI score0.00314EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42805

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score0.00314EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score0.00314EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-15298 TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS0.00314EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42739

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-58144

Cotonti Siena

5.4CVSS6AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-49274

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page...

5.3CVSS0.00275EPSS
Exploits0References7
Rows per page
Query Builder