Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1062 matches found

Cvelist
Cvelistadded 2026/03/21 12:46 p.m.23 views

CVE-2019-25556 TwistedBrush Pro Studio 24.06 Resize Image Denial of Service

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

6.9CVSS0.0002EPSS
Exploits1References3
CVE
CVEadded 2026/03/21 12:46 p.m.5 views

CVE-2019-25556

CVE-2019-25556 concerns TwistedBrush Pro Studio 24.06. A denial-of-service vulnerability exists in the Resize Image function: supplying a maliciously long string in the New Width or New Height fields can trigger a buffer overflow and crash the application. The attack is local (no user interaction...

6.9CVSS6.1AI score0.0002EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/21 12:46 p.m.3 views

CVE-2019-25556

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

6.9CVSS6.1AI score0.0002EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/03/21 6:30 a.m.2 views

EUVD-2026-14156

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/21 6:30 a.m.2 views

EUVD-2026-14001

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00045EPSS
Exploits0References5
NVD
NVDadded 2026/03/21 4:17 a.m.1 views

CVE-2026-3354

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00039EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/21 3:27 a.m.1 views

CVE-2026-3354 Wikilookup <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/21 3:27 a.m.27 views

CVE-2026-3354 Wikilookup <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00039EPSS
Exploits0References3
CVE
CVEadded 2026/03/21 3:27 a.m.3 views

CVE-2026-3354

CVE-2026-3354 affects the Wikilookup plugin for WordPress. All versions up to 1.1.5 are vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Administrator-level acce...

4.4CVSS5.9AI score0.00039EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/21 3:27 a.m.5 views

CVE-2026-3354

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/21 3:26 a.m.0 views

CVE-2026-1851 iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00045EPSS
Exploits0References4
CVE
CVEadded 2026/03/21 3:26 a.m.3 views

CVE-2026-1851

The CVE-2026-1851 entry relates to the iVysilani Shortcode plugin for WordPress. All versions up to and including 3.0 are vulnerable to Stored Cross‑Site Scripting via the width shortcode attribute due to insufficient input sanitization and output escaping. Authenticated attackers with Contributo...

6.4CVSS6AI score0.00045EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/21 3:26 a.m.1 views

CVE-2026-1851

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00045EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/21 3:26 a.m.20 views

CVE-2026-1851 iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00045EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.1 views

PT-2026-26854

The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00039EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.1 views

PT-2026-26903

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...

6.9CVSS6.1AI score0.00017EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.1 views

PT-2026-26818

The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attribute in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00045EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.3 views

PT-2026-26901

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer...

6.9CVSS6.1AI score0.0002EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/03/21 12:0 a.m.2 views

Pixarra TwistedBrush Pro Studio 缓冲区错误漏洞

Pixarra TwistedBrush Pro Studio is a digital painting software developed by the American company Pixarra. Version 24.06 of Pixarra TwistedBrush Pro Studio has a buffer overflow vulnerability. This vulnerability arises from the excessive length of the buffer entered during the image size adjustmen...

6.9CVSS6AI score0.0002EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/18 12:0 a.m.5 views

DiceBear 安全漏洞

DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...

7.5CVSS5.8AI score0.00063EPSS
Exploits0References3
Rows per page
Query Builder