Lucene search
K

527 matches found

OSV
OSV
added 2026/03/31 10:52 p.m.4 views

GHSA-677C-XV24-CRGX baserCMS is Vulnerable to Cross-site Scripting

baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

7.1CVSS7AI score0.00258EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 10:43 p.m.3 views

GHSA-6HPG-8RX3-CWGV baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.2CVSS7.1AI score0.02059EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/31 10:43 p.m.6 views

baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.8CVSS7.1AI score0.02059EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:2 a.m.14 views

Security Bulletin: IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312.

Summary IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13473...

8.5CVSS7.3AI score0.09436EPSS
Exploits2Affected Software1
CVE
CVE
added 2026/03/29 5:53 p.m.13 views

CVE-2026-0558

The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...

9.8CVSS7AI score0.0043EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.7 views

LoLLMs 安全漏洞

LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Versions of LoLLMs prior to 2.2.0 contained security vulnerabilities; these vulnerabilities stemmed from the RespondRequest function not implementing proper authorization checks, which could lead to insecur...

8.3CVSS7.2AI score0.00268EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.4 views

CVE-2026-25452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through = 2.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.7 views

CVE-2026-28073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

7.1CVSS5.2AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.3 views

EUVD-2026-15543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.13...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.5 views

CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 2:19 p.m.4 views

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

8.8CVSS5.8AI score0.0104EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 3:44 p.m.5 views

CVE-2026-33678

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads ...

8.1CVSS5.8AI score0.00265EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 3:36 p.m.13 views

CVE-2026-33677

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials basicauthuser and basicauthpassword in plaintext to any user with read access to the project. While the existing code...

6.5CVSS5.9AI score0.00297EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 3:18 p.m.4 views

CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS5.8AI score0.00258EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27442

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/23 1:12 p.m.6 views

WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin Review Schema versions = 2.2.6...

6.5CVSS5.8AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 12:37 p.m.6 views

WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Gyan Elements versions = 2.2.1...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/23 6:16 a.m.6 views

CVE-2025-10734

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

5.3CVSS0.00219EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 2:23 a.m.13 views

CVE-2026-32889

Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...

6.5CVSS5.7AI score0.0041EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

WordPress plugin WP eMember 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder