Lucene search
+L

432 matches found

OSV
OSV
added 2026/03/13 7:7 p.m.5 views

CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/13 7:7 p.m.3 views

CVE-2026-30943 Gokapi has Privilege Escalation in File Replace

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...

4.1CVSS5.8AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 7:7 p.m.5 views

CVE-2026-30943 Gokapi has Privilege Escalation in File Replace

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...

4.1CVSS5.8AI score0.00179EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/13 3:5 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the buildStreamAuthOptions function. An attacker can access sensitive workflow execution data, configurations, logs, and queue status by sending unauthenticated requests to Server-Sent...

8.7CVSS6AI score0.00778EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32459 WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...

5.8AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.11 views

CVE-2026-32459

The CVE describes an SQL Injection vulnerability (blind) in the WordPress UpsellWP plugin (checkout-upsell-and-order-bumps) affecting versions up to 2.2.4. Root cause: improper neutralization of special elements used in SQL commands. Impact stated as Blind SQL Injection, but no exploitation detai...

8.5CVSS5.8AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25303

🟠 CVE-2026-32459 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue af... https://t.co/cgG00hiU3x https://t.co/E6pmdn1Kzn...

8.5CVSS5.8AI score0.00222EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

Gokapi 资源管理错误漏洞

Gokapi is a lightweight, self-hosted alternative to Firefox sending messages developed by Marc Bulling. Prior to version 2.2.4 of Gokapi, there was a resource management vulnerability. This vulnerability stemmed from the API endpoint accepting unlimited request bodies, which could potentially cau...

6.5CVSS7.3AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25358

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.4 Description Gokapi is a self-hosted file sharing server. The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public...

9.9CVSS7AI score0.22162EPSS
Exploits70References136
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

Gokapi 安全漏洞

Gokapi is a lightweight, self-hosted alternative to Firefox sending by Marc Bulling. Versions of Gokapi prior to 2.2.4 contained a security vulnerability, where the path for multipart uploads did not verify the total file size. This vulnerability could allow attackers to upload extremely large...

4.3CVSS7.3AI score0.00253EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 11:14 p.m.6 views

CVE-2020-37147

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.13 views

PT-2026-6821

Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4 Description ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into...

7.1CVSS5.7AI score0.00282EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.14 views

CVE-2022-37265

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js...

9.8CVSS6.8AI score0.01143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.5 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

9.8CVSS7AI score0.01094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.7 views

CVE-2022-37257

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js...

9.8CVSS7AI score0.01094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45267

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through ...

7.5CVSS7.1AI score0.0042EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/30 3:12 p.m.6 views

WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smart Coupons for WooCommerce versions = 2.2.3...

4.3CVSS6.7AI score0.00198EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/30 9:16 a.m.8 views

CVE-2025-64289

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.5...

5.9CVSS5.9AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 9:30 a.m.6 views

EUVD-2025-36606

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.4...

5.9CVSS5.5AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 9:15 a.m.9 views

CVE-2025-64290

Cross-Site Request Forgery CSRF vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through = 2.2.4...

4.3CVSS0.00117EPSS
Exploits0References1
Rows per page
Query Builder