Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/05 6:44 p.m.13 views

EUVD-2026-34891

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.16 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

TencentOS Server 3: python3.11 (TSSA-2026:0375)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0375 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1CVSS7AI score0.00579EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 5:19 p.m.43 views

CVE-2026-34642 After Effects | Heap-based Buffer Overflow (CWE-122)

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/23 1:51 p.m.23 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS0.00431EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/05 3:32 a.m.6 views

EUVD-2026-0914

A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function deletepage of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9CVSS6.3AI score0.00636EPSS
Exploits1References5
Rows per page
Query Builder