Lucene search
+L

888 matches found

Patchstack
Patchstack
added 2025/12/24 9:56 a.m.7 views

WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LIM MINHYOEK in WordPress Plugin Gift Hunt versions = 2.0.2...

5.4CVSS5.8AI score0.00172EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.12 views

PT-2025-53247

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through = 2.0.2...

5.4CVSS6AI score0.00172EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/17 10:18 p.m.15 views

WordPress Live Composer – Free WordPress Website Builder plugin <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...

6.4CVSS5.3AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/12 3:20 a.m.29 views

CVE-2025-14119

CVE-2025-14119 applies to App Landing Template Blocks for WPBakery Page Builder (Visual Composer) for WordPress. It describes a stored Cross-Site Scripting vulnerability via the atvc_video_play shortcode attributes, affecting all versions up to and including 2.0.2. The issue requires an authentic...

6.4CVSS4.6AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.6 views

WordPress plugin App Landing Template Blocks for WPBakery (Visual Composer) Page Builder 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS5.6AI score0.00189EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.6 views

CVE-2025-62738

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

5.3CVSS7AI score0.00222EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/10 9:17 a.m.9 views

WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Scroller versions = 2.0.2...

5.4CVSS7AI score0.00245EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.8 views

All-Dynamics Digital Signage System 跨站请求伪造漏洞

All-Dynamics Digital Signage System is a fully dynamic digital signage system from All-Dynamics, Germany. A cross-site request forgery vulnerability exists in All-Dynamics Digital Signage System version 2.0.2, which stems from a lack of request validation and could lead to a cross-site request...

8.8CVSS6.7AI score0.00233EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-202022

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

6.5AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 4:42 p.m.7 views

CVE-2022-46845 WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3...

5.3CVSS6.6AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.4 views

CVE-2025-62738 WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

WordPress plugin Formstack Online Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

5.3CVSS6.4AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.9 views

PT-2025-50007

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

7AI score0.00222EPSS
Exploits0References2
CVE
CVE
added 2025/11/26 5:59 p.m.14 views

CVE-2025-20373

CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...

2.7CVSS6.2AI score0.00201EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/17 11:23 p.m.10 views

WordPress Coil Web Monetization plugin <= 2.0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Sandeep Kambhampati in WordPress Plugin Coil Web Monetization versions = 2.0.2...

4.3CVSS7AI score0.00152EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

Advantech DeviceOn/iEdge 路径遍历漏洞

Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...

9.8CVSS5.9AI score0.00695EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 8:47 p.m.2 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS6.9AI score0.00277EPSS
Exploits0References3
CVE
CVE
added 2025/10/28 8:47 p.m.23 views

CVE-2025-62796

CVE-2025-62796 concerns PrivateBin where Versions 1.7.7–2.0.1 allow persistent HTML injection via the unsanitized attachment_name when attachments are enabled. An attacker can modify the filename before encryption, causing unescaped HTML to be inserted near the file size hint after decryption, en...

5.8CVSS6.9AI score0.00277EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/28 8:47 p.m.8 views

EUVD-2025-36556

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS6.8AI score0.00277EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 8:47 p.m.5 views

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

5.8CVSS7.3AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder