Lucene search
K

48 matches found

NVD
NVD
added 2026/04/21 11:16 p.m.3 views

CVE-2026-41061

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS0.00173EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:49 p.m.3 views

CVE-2026-41061

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS5.4AI score0.00173EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 11:22 p.m.11 views

WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder Receiver

Summary The isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the database and rendered without HTML escaping via echo...

5.4CVSS6AI score0.00173EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2026/04/14 11:36 a.m.5 views

WordPress Trending/Popular Post Slider and Widget plugin <= 1.8.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Trending/Popular Post Slider and Widget versions = 1.8.6...

5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/23 5:15 p.m.12 views

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS0.00203EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/23 4:47 p.m.29 views

CVE-2018-25132 MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS0.00203EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/23 4:47 p.m.4 views

CVE-2018-25132 MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS5.2AI score0.00203EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 4:47 p.m.2 views

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS5.9AI score0.00203EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/01/23 4:47 p.m.12 views

CVE-2018-25132

CVE-2018-25132 affects the MyBB Trending Widget Plugin 1.2. The vulnerability is a cross-site scripting (XSS) flaw that lets an attacker inject malicious scripts via thread titles. These payloads execute when other users view the trending widget. The provided documents consistently describe the i...

6.1CVSS5.2AI score0.00203EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.9 views

PT-2026-4502

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS5.2AI score0.00203EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:7 a.m.4 views

CVE-2022-46846

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through 1.5.7...

5.3CVSS8.6AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:45 a.m.12 views

CVE-2011-3859

Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

4.3CVSS6AI score0.03134EPSS
Exploits1References1
Information Security Automation
Information Security Automation
added 2025/02/18 5:28 p.m.27 views

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024

New episode "In The Trend of VM" 11: vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom "Vulnerability Management and More". Video on YouTube, LinkedIn Post on Habr rus...

9.5CVSS7.8AI score0.78198EPSS
Exploits24
Information Security Automation
Information Security Automation
added 2025/01/20 3:2 p.m.33 views

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies

I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...

9.8CVSS9AI score0.99999EPSS
Exploits82
Information Security Automation
Information Security Automation
added 2025/01/09 2:28 p.m.10 views

Aggregators of actively discussed vulnerabilities

Aggregators of actively discussed vulnerabilities. Alexander Redchits updated his list of services that highlight TOP CVE vulnerabilities and uploaded it with descriptions to teletype in Russian. Now there are 11 of them: 1. Intruder's Top CVE Trends & Expert Vulnerability Insights 2. Cytidel Top...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/26 11:30 a.m.6 views

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That's why Intruder, a leader in attack surface management, built Intel now known ascvemon - a free vulnerability intelligence platform designed to help you act fast and prioritize...

7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/03/05 6:43 p.m.81 views

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...

10CVSS9AI score0.99999EPSS
Exploits111
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/11/27 12:0 a.m.9 views

Cloud Security Predictions at AWS re:Invent 2023

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response CDR and what’s trending in cloud security...

7.3AI score
Exploits0
Patchstack
Patchstack
added 2023/08/16 12:0 a.m.14 views

WordPress Trending/Popular Post Slider and Widget Plugin <= 1.6 is vulnerable to Broken Access Control

Software Trending/Popular Post Slider and Widget Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID acc8c9e2dda4 Credits Abdi...

5.8AI score0.00188EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/09 12:0 a.m.2 views

WordPress plugin Trending/Popular Post Slider and Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS8.3AI score0.00513EPSS
Exploits0References2
Rows per page
Query Builder