Vulnérabilités
Aggrégat CVE / GHSA / KEV / OSV — filtrage par étiquette et catégorie.
| ID | Titre | |
|---|---|---|
| CVE-2026-42775 |
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
|
| CVE-2026-42688 |
|
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
|
| CVE-2026-45437 |
|
XSS (Cross-Site Scripting) dans CVE-2026-45437 (CVE-2026-45437)
XSS dans CVE-2026-45437 (CVE-2026-45437). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-40770 |
|
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
|
| CVE-2026-40787 |
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
|
| CVE-2026-40791 |
|
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
|
| CVE-2026-41556 |
|
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
|
| CVE-2026-39540 |
|
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
|
| CVE-2026-40732 |
|
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
|
| CVE-2026-39463 |
|
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
|
| CVE-2026-39491 |
|
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
|
| CVE-2026-39449 |
|
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
|
| CVE-2026-39447 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
|
| CVE-2026-39507 |
|
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
|
| CVE-2026-39451 |
|
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
|
| CVE-2026-39514 |
|
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
|
| CVE-2026-23970 |
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
| CVE-2025-68851 |
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
| CVE-2026-34902 |
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
| CVE-2025-68840 |
|
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
|
| CVE-2025-68872 |
|
XSS (Cross-Site Scripting) dans CVE-2025-68872 (CVE-2025-68872)
XSS dans CVE-2025-68872 (CVE-2025-68872). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-39435 |
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
| CVE-2026-34900 |
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
| CVE-2026-50883 |
|
XSS (Cross-Site Scripting) dans CVE-2026-50883 (CVE-2026-50883)
XSS dans CVE-2026-50883 (CVE-2026-50883). L'exploitation peut entraîner la prise de contrôle totale du système.
|
| CVE-2026-50876 |
|
XSS (Cross-Site Scripting) dans CVE-2026-50876 (CVE-2026-50876)
XSS dans CVE-2026-50876 (CVE-2026-50876). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-37216 |
|
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
|
| CVE-2026-36521 |
|
XSS (Cross-Site Scripting) dans CVE-2026-36521 (CVE-2026-36521)
XSS dans CVE-2026-36521 (CVE-2026-36521). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-49294 |
|
XSS (Cross-Site Scripting) dans CVE-2026-49294 (CVE-2026-49294)
XSS dans CVE-2026-49294 (CVE-2026-49294). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-54265 |
|
XSS (Cross-Site Scripting) dans @angular/compiler (CVE-2026-54265)
XSS dans @angular/compiler (CVE-2026-54265). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
XSS (Cross-Site Scripting) dans @angular/core (CVE-2026-50557)
XSS dans @angular/core (CVE-2026-50557). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-50556 |
|
XSS (Cross-Site Scripting) dans @angular/platform-server (CVE-2026-50556)
XSS dans @angular/platform-server (CVE-2026-50556). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``domino``.
|
| CVE-2026-50555 |
|
XSS (Cross-Site Scripting) dans @angular/platform-server (CVE-2026-50555)
XSS dans @angular/platform-server (CVE-2026-50555). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``domino``.
|
| CVE-2026-52725 |
|
XSS (Cross-Site Scripting) dans @angular/core (CVE-2026-52725)
XSS dans @angular/core (CVE-2026-52725). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``createComponent``. Atténuation : mise à jour vers `20.3.22` ou plus.
|
| CVE-2025-15659 |
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
| CVE-2025-15658 |
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
| CVE-2026-54267 |
|
XSS (Cross-Site Scripting) dans @angular/core (CVE-2026-54267)
XSS dans @angular/core (CVE-2026-54267). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``HttpClient``.
|
| CVE-2016-20084 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2016-20084)
XSS dans wordpress (CVE-2016-20084). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2016-20070 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2016-20070)
XSS dans wordpress (CVE-2016-20070). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2016-20066 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2016-20066)
XSS dans wordpress (CVE-2016-20066). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-12202 |
|
XSS (Cross-Site Scripting) dans CVE-2026-12202 (CVE-2026-12202)
XSS dans CVE-2026-12202 (CVE-2026-12202). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-12176 |
|
XSS (Cross-Site Scripting) dans CVE-2026-12176 (CVE-2026-12176)
XSS dans CVE-2026-12176 (CVE-2026-12176). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-5513 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-5513)
XSS dans wordpress (CVE-2026-5513). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-3297 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-3297)
XSS dans wordpress (CVE-2026-3297). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-9629 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-9629)
XSS dans wordpress (CVE-2026-9629). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-9134 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-9134)
XSS dans wordpress (CVE-2026-9134). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-9061 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-9061)
XSS dans wordpress (CVE-2026-9061). Risque d'opérations non autorisées ou de divulgation. Exploitable via ``unfiltered_html``.
|
| CVE-2026-9109 |
|
XSS (Cross-Site Scripting) dans wordpress (CVE-2026-9109)
XSS dans wordpress (CVE-2026-9109). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-11443 |
|
XSS (Cross-Site Scripting) dans CVE-2026-11443 (CVE-2026-11443)
XSS dans CVE-2026-11443 (CVE-2026-11443). Risque d'opérations non autorisées ou de divulgation.
|
| CVE-2026-53608 |
|
XSS (Cross-Site Scripting) dans CVE-2026-53608 (CVE-2026-53608)
XSS dans CVE-2026-53608 (CVE-2026-53608). Des informations confidentielles peuvent être exposées. Exploitable via ``seoGoogleTrackingId``.
|
| CVE-2026-54395 |
|
XSS (Cross-Site Scripting) dans CVE-2026-54395 (CVE-2026-54395)
XSS dans CVE-2026-54395 (CVE-2026-54395). Risque d'opérations non autorisées ou de divulgation.
|