Lucene search
+L

595 matches found

OSV
OSV
added 2026/06/17 6:35 p.m.7 views

GHSA-52MM-H59V-F3C7 earmark: Stored XSS via unescaped HTML attribute values

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5.1AI score0.00133EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 4:42 p.m.13 views

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-39577

Unauthenticated PHP Object Injection in Playroom = 1.4.1 versions...

5.5CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-27429

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

9.8CVSS0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.27 views

CVE-2025-69111 WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.17 views

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

9.8CVSS5.3AI score0.00556EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.14 views

CVE-2026-40809

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:5 a.m.15 views

CVE-2026-40809

CVE-2026-40809 concerns the WordPress Metro Magazine theme (versions

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 12:0 p.m.27 views

RUSTSEC-2026-0175 `onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.13 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS3.7AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS5.4AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:0 a.m.13 views

EUVD-2026-33875

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS4.1AI score0.00237EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

CordysCRM 代码注入漏洞

FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD. Versions of CordysCRM 1.4.1 and earlier contain a code injection vulnerability. This vulnerability stems from a issue with the Save function in the ModuleFormController component’s file...

5.1CVSS4.9AI score0.00237EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/27 6:46 a.m.66 views

CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS0.00277EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/26 7:51 a.m.10 views

WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Reisen versions = 1.4.1...

5.8AI score0.00386EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/08 2:16 p.m.21 views

CVE-2026-41512

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

9.9CVSS0.00587EPSS
Exploits1References2
CVE
CVE
added 2026/05/08 1:52 p.m.28 views

CVE-2026-41512

ai-scanner (built on NVIDIA garak) contains a remote code execution vulnerability in versions 1.0.0 up to before 1.4.1, caused by JavaScript injection in BrowserAutomation::PlaywrightService. A patch is available in v1.4.1. CVSSv3.1 metrics in the entry indicate a CRITICAL base score (9.9) with n...

9.9CVSS6.4AI score0.00587EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:52 p.m.8 views

CVE-2026-41512

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

9.9CVSS6.4AI score0.00587EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:52 p.m.36 views

CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

9.9CVSS0.00587EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.15 views

Fedora 44 : pie (2026-7acc0ad1fc)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7acc0ad1fc advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...

5.6AI score
Exploits0References1
Rows per page
Query Builder