Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/19 10:29 p.m.40 views

CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

0.00369EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability

WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin = 4.0.15 - Missing Authorization to Unauthenticated wpwdpluginstyle Rww Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Whydonate versions = 4.0.15...

5.3CVSS5.5AI score0.00332EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/29 10:12 p.m.3 views

EUVD-2025-205601

phpMyFAQ has Stored XSS in user list via admin-managed displayname...

5.4CVSS5.6AI score0.0023EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/16 12:0 a.m.7 views

PT-2025-7229 · What3Words · What3Words Address Field

Name of the Vulnerable Software and Affected Versions: what3words Address Field versions n/a through 4.0.15 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the what3words Address Field. This means an attacker can perform unauthorized actions on ...

7.1CVSS9.1AI score0.00135EPSS
Exploits0References6
OSV
OSV
added 2014/03/14 4:55 p.m.5 views

UBUNTU-CVE-2013-2040

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.8AI score0.01152EPSS
Exploits0References3
Rows per page
Query Builder