Lucene search
K

2028 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 3:18 p.m.8 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 3:18 p.m.26 views

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

8.7CVSS6AI score0.00191EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions TinyMCE versions 6.8.0 through 7.0.x Description An XSS Cross-Site Scripting issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

8.7CVSS6AI score0.00191EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/27 9:12 p.m.13 views

Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

5.8AI score0.00052EPSS
Exploits0References7Affected Software3
Vulnrichment
Vulnrichment
added 2026/05/27 3:12 p.m.20 views

CVE-2026-49054 WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:53 a.m.6 views

WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Denver Jackson in WordPress Theme JobCareer versions = 7.3...

5.8AI score0.0046EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/25 2:30 p.m.25 views

CVE-2026-9466

Tiandy Easy7 Integrated Management Platform 7.17.0 contains an API Endpoint vulnerability in /rest/user/updateUserPassword, where input manipulation can lead to weak password recovery. The issue is exploitable remotely and has publicly disclosed exploit activity. No remediation details are provid...

6.9CVSS5.7AI score0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the parameter of the function setFirewallType in the Web Management Interface component file...

10CVSS7.3AI score0.01732EPSS
Exploits0References5
NVD
NVD
added 2026/05/21 10:16 p.m.12 views

CVE-2026-4929

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.4CVSS0.00205EPSS
Exploits1References3
Fedora
Fedora
added 2026/05/21 12:57 a.m.14 views

[SECURITY] Fedora 44 Update: kernel-7.0.9-204.fc44

The kernel meta package...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux - уязвимость в libreoffice

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...

9.3CVSS7.4AI score0.0417EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.11 views

CVE-2026-36827

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.00743EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.7 views

CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

8.8CVSS6AI score0.01667EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 12:0 a.m.12 views

CVE-2026-36829

CVE-2026-36829 affects Panabit PAP-XM320 (up to v7.7). The embedded HTTP server authenticates via a cookie-based value checked against the filesystem, using a user-controlled cookie without proper sanitization. This leads to a directory traversal scenario and authentication bypass, enabling bypas...

9.8CVSS5.8AI score0.01268EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 12:0 a.m.15 views

EUVD-2026-30953

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...

9.8CVSS5.8AI score0.01268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41949

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description A command injection issue exists in the web management interface, which invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper uses the eval...

5.4CVSS6.1AI score0.00743EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41951

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description An authentication bypass exists in the embedded HTTP server. The server validates session cookies by performing a filesystem existence check based on a user-controlled cookie value. Due to a...

9.8CVSS5.8AI score0.01268EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 1:43 p.m.14 views

CLEANSTART-2026-DI23929 Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086 applied in versions: 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0

Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.2AI score0.78483EPSS
Exploits80References243
CVE
CVE
added 2026/05/17 10:0 p.m.33 views

CVE-2026-8765

The CVE-2026-8765 entry concerns Kilo-Org kilocode up to version 7.0.47. It affects the Bun.file function in packages/opencode/src/kilocode/review/worktree-diff.ts of the File Diff API Endpoint. The underlying issue is a path traversal vulnerability caused by manipulating the File argument, allow...

6.5CVSS5.5AI score0.0058EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/17 7:16 a.m.41 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS0.00216EPSS
Exploits0References4
Rows per page
Query Builder