30 matches found

OSV
added 2026/05/29 1:35 p.m. | 9 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit in RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

CVSS 7.5 | AI score 5.7 | EPSS 0.00428
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/22 7:50 a.m. | 8 views

CVE-2026-7636 Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

CVSS 4.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 8
EUVD
added 2026/05/22 7:50 a.m. | 10 views

EUVD-2026-31416

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

CVSS 4.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 8
UbuntuCve
added 2026/05/10 7:16 a.m. | 11 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

CVSS 7.5 | AI score 5.7 | EPSS 0.00428
Exploits: 1 | References: 2
Cvelist
added 2026/03/23 7:15 p.m. | 23 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in the Timeline (myviewpage.php) allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

CVSS 8.6 | EPSS 0.00196
Exploits: 0 | References: 2
OSV
added 2026/03/17 9:31 p.m. | 5 views

GHSA-J3MH-QMJJ-XP83 Ray Dashboard is vulnerable to path traversal through its static file handling mechanism

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the...

CVSS 8.7 | AI score 7.7 | EPSS 0.00929
Exploits: 1 | References: 5
CVE
added 2026/03/17 7:33 p.m. | 11 views

CVE-2026-32981

Ray Dashboard on port 8265 has a path traversal flaw in versions prior to 2.8.1 due to improper validation/sanitization of user-supplied paths in the static file handling, allowing access to files outside the static directory and causing local file disclosure. Reported with high severity (CVSS 3....

CVSS 8.7 | AI score 5.8 | EPSS 0.00929
Exploits: 1 | References: 11 | Affected Software: 1
Tenable Nessus
added 2026/03/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-30838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII...

CVSS 6.1 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 3
CVE
added 2026/03/07 4:00 p.m. | 20 views

CVE-2026-30838

CVE-2026-30838 affects league/commonmark, a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting ASCII whitespace between a disallowed HTML tag name and the closing &gt;, e.g., , enabling a cross-site scripting (XSS) vector for applications tha...

CVSS 6.1 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/03/04 7:30 p.m. | 14 views

CVE-2026-28427

CVE-2026-28427 affects OpenDeck (Linux software for the Elgato Stream Deck). Prior to version 2.8.1, the service listening on port 57118 serves static plugin files but does not sanitize path components properly. An attacker can use ../ sequences in the request path to traverse outside the intende...

CVSS 7.5 | AI score 6 | EPSS 0.00431
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2026/02/03 11:59 a.m. | 8 views

WordPress ShopLentor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin ShopLentor versions <= 2.8.1...

CVSS 6.4 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/01/02 2:51 p.m. | 14 views

CVE-2025-62857

CVE-2025-62857 affects QuMagie with a cross-site scripting (XSS) vulnerability. Affected versions are prior to 2.8.1; remediation is to upgrade to QuMagie 2.8.1 or later. Multiple sources (NVD, Red Hat, CVE lists, CNVD, EUVD, PT Security) corroborate the issue and fix. The provided documents do n...

CVSS 6.2 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/11/24 7:16 a.m. | 4 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS 6.5 | EPSS 0.00218
Exploits: 0 | References: 6
OSV
added 2025/11/24 7:16 a.m. | 3 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

CVSS 5.3 | AI score 6.7
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/23 8:21 a.m. | 6 views

CVE-2024-1960

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input...

CVSS 6.4 | AI score 5.4 | EPSS 0.00521
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:45 a.m. | 5 views

CVE-2023-0293

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...

CVSS 4.3 | AI score 5.3 | EPSS 0.00568
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:43 a.m. | 8 views

CVE-2023-50839

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk (JS Help Desk – Best Help Desk & Support Plugin). This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1...

CVSS 9.8 | AI score 8.9 | EPSS 0.02041
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 4:10 a.m. | 4 views

CVE-2024-54219

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact (aio-contact). This issue affects AIO Contact: from n/a through = 2.8.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00347
Exploits: 0 | References: 1
ATTACKERKB
added 2023/12/05 7:15 a.m. | 5 views

CVE-2023-43472

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API...

CVSS 7.5 | AI score 5.8 | EPSS 0.36582
Exploits: 1 | References: 3
OSV
added 2023/11/16 5:15 p.m. | 3 views

CVE-2023-6019

A command injection existed in Ray's cpuprofile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 1