Lucene search
K

232 matches found

NVD
NVD
added 3 days ago3 views

CVE-2026-57381

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through = 2.2.3...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 3 days ago5 views

CVE-2026-57381

The CVE describes a Reflected Cross-Site Scripting vulnerability in the WordPress PropertyHive plugin (PropertyHive) for versions

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 2:51 p.m.6 views

WordPress PropertyHive plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin PropertyHive versions = 2.2.3...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

OPENSUSE-SU-2026:10891-1 gsasl-2.2.3-1.1 on GA media

These are all security issues fixed in the gsasl-2.2.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.16 views

GNU SASL 代码问题漏洞

GNU SASL is a simple authentication and security layer framework from the GNU community in the United States, which implements several common SASL mechanisms. Versions of GNU SASL prior to 2.2.3 had code vulnerabilities; these vulnerabilities stemmed from a null pointer dereferencing in the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mutt (UTSA-2026-016745)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016745 advisory. Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Tenable has extracted the preceding...

5.3CVSS5.8AI score0.01711EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.9 views

CVE-2026-39477

Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through = 2.2.3...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39477

CVE-2026-39477 refers to a missing authorization vulnerability in the WordPress plugin CartFlows (Brainstorm Force), affecting CartFlows versions up to 2.2.3. The root cause is an incorrectly configured access-control mechanism that allows exploitation of access levels. CVSS 3.1 base metrics indi...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.9 views

PT-2026-31119

CVE-2026-39477 Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… https://t.co/FFNPsLRGYp...

5.8AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.7 views

CVE-2026-31822

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.6 views

SUSE CVE-2026-28683

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3...

8.7CVSS5.7AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11955

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32425 WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...

5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.25 views

CVE-2026-32425 WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...

5.3CVSS0.00214EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/11 12:12 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...

7.1CVSS5.9AI score0.0029EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 9:27 p.m.7 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3CVSS5.6AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:28 p.m.6 views

GO-2026-4615 Gokapi has privilege escalation with auth token in github.com/forceu/gokapi

Gokapi has privilege escalation with auth token in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

5CVSS5.8AI score0.00137EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.11 views

Sylius 输入验证错误漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a vulnerability related to input validation. This vulnerability arises from multiple controllers directly using the HTTP Referer header for redirection, which can lead t...

6.9CVSS5.8AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.14 views

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the lack of validation for ownership in the POST /api/v2/shop/orders/tokenValue/items endpoint. As a...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.13 views

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder