Lucene search
K

455 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42786

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' and 'checkoutdate' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

6.1CVSS6.1AI score0.00254EPSS
Exploits0References9
CVE
CVE
added 2026/07/07 9:2 p.m.11 views

CVE-2026-55408

Summary : CVE-2026-55408 affects Koodo Reader

8.4CVSS6.8AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:17 p.m.3 views

CVE-2026-57366

Unauthenticated Cross Site Scripting XSS in WPAdverts = 2.3.1 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 6:0 a.m.24 views

CVE-2026-9822

The CVE-2026-9822 entry concerns the WP Hotel Booking WordPress plugin prior to version 2.3.1. Root cause: missing capability checks in several AJAX handlers. Impact: authenticated users with Subscriber-level access can read other users’ booking line items, enumerate active coupons, and read pric...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.22 views

CVE-2019-25721

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

7.1CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 5:29 p.m.14 views

EUVD-2019-20157

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-security-manager (UTSA-2026-016673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016673 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

5.9CVSS7AI score0.99999EPSS
Exploits20References4
Cvelist
Cvelist
added 2026/05/21 7:29 p.m.38 views

CVE-2026-4843 GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 10:51 p.m.11 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 10:51 p.m.19 views

CVE-2026-42451

Grimmory (self-hosted digital library) has a stored XSS vulnerability in its browser-based EPUB reader affecting versions prior to 2.3.1. An attacker can embed arbitrary JavaScript in a crafted EPUB, which executes in the victim’s browser with the Grimmory session context, enabling session token ...

6.3CVSS5.7AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 10:51 p.m.2 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.8AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39217

Name of the Vulnerable Software and Affected Versions Grimmory versions prior to 2.3.1 Description A stored cross-site scripting XSS issue in the browser-based EPUB reader allows an attacker to embed arbitrary JavaScript within a crafted EPUB file. When a user opens the affected book, the script...

6.3CVSS5.8AI score0.00136EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.8 views

CVE-2025-67202

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting xss vulnerability via crafted URL being rended from cron.erb...

5.6AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:51 p.m.7 views

GHSA-3H96-34P3-XM76 GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens

GraphQL-Ruby's maxquerystringtokens configuration didn't count comment tokens against the limit, allowing strings to be processed even after the configured maximum had actually been reached. In patched versions, the Ruby lexer does count these tokens. GraphQL-CParser is not affected by this...

5.3CVSS5.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:3 p.m.8 views

Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)

Summary There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regula...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.8 views

WordPress Custom PHP Settings plugin <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Custom PHP Settings versions = 2.3.1...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:2 a.m.7 views

Security Bulletin: Use-After-Free Vulnerability in c-ares read_answers() Function (v1.32.3–v1.34.4) affects watsonx.data

Summary CVE-2025-31498 - A use-after-free vulnerability exists in c-ares v1.32.3–v1.34.4 within the readanswers function. It can occur when processanswer re-enqueues queries under certain DNS conditions, potentially leading to crashes or unexpected behavior. This can affect watsonx.data...

8.3CVSS6.7AI score0.00577EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/09 12:31 p.m.20 views

EUVD-2026-20880

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

3.7CVSS5.9AI score0.00311EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

8.1CVSS5.8AI score0.00469EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:23 p.m.8 views

CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

8.1CVSS5.7AI score0.00571EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder