Lucene search
+L

131 matches found

cve
cve
added last week8 views

CVE-2026-6440

The CVE concerns the WordPress plugin GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference. A CSRF vulnerability exists in versions up to 1.1.8 due to missing nonce verification in reset_credential() for the wp_ajax_goodmeet_reset_google_meet_credential action. Although user...

4.3CVSS6AI score0.00168EPSS
Exploits0References8
attackerkb
attackerkb
added last week7 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
snyk
snyk
added 2026/06/08 12:0 a.m.8 views

Cross-site Scripting (XSS)

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via...

6.9CVSS5.6AI score0.0014EPSS
Exploits0References2
redhat
redhat
added 2026/06/04 12:43 p.m.3 views

html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting XSS. An...

6.1CVSS6.2AI score0.00371EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of a bot mitigation mechanism in the /v1/account/register registration path, which may allow malicious automated syste...

9.1CVSS5.3AI score0.00243EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 9:16 a.m.19 views

CVE-2026-8474

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

5.3CVSS0.00183EPSS
Exploits0References1
mscve
mscve
added 2026/05/27 8:3 a.m.19 views

Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

...

10CVSS5.8AI score0.00478EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/22 12:0 a.m.13 views

PT-2026-42720

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00276EPSS
Exploits0References2
nvd
nvd
added 2026/05/21 9:16 p.m.15 views

CVE-2026-8417

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/doupdate/. The doupdate method in concrete/controllers/singlepage/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the named...

8.8CVSS0.00122EPSS
Exploits0References1
osv
osv
added 2026/05/14 6:16 a.m.6 views

UBUNTU-CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/11 8:34 p.m.35 views

CVE-2026-43877 WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not...

5.4CVSS0.00121EPSS
Exploits0References2
snyk
snyk
added 2026/04/23 2:28 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...

7.1CVSS5.9AI score0.00165EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/14 10:59 a.m.52 views

CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS0.01127EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.9 views

PT-2026-29782

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the new cert name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00092EPSS
Exploits0References3
github
github
added 2026/04/01 12:13 a.m.12 views

YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00213EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-14149

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

7.2CVSS5.9AI score0.00272EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/03/09 8:2 a.m.5 views

CVE-2026-3710

A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...

7.2CVSS5.7AI score0.00271EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/05 12:0 a.m.12 views

WordPress plugin Tooth Fairy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00519EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/19 8:27 a.m.2 views

CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through = 4.0.2...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References1
nvd
nvd
added 2026/02/02 11:16 p.m.5 views

CVE-2025-6596

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

0.00386EPSS
Exploits0References1
Rows per page
Query Builder