Lucene search
K

1396 matches found

CNNVD
CNNVD
added 2026/02/20 12:0 a.m.12 views

WordPress plugin amr cron manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

7.1CVSS5.6AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

lily 资源管理错误漏洞

Lily is a programming language developed by FascinatedBox’s individual developers. Versions of Lily prior to 2.3 contained a resource management vulnerability, which stems from the reuse of resources after release, potentially leading to local memory corruption...

7.8CVSS5.8AI score0.00209EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 6:36 a.m.9 views

Security Bulletin: Arbitrary Code Execution in Logback-Core via Conditional Configuration Processing, affects watsonx.data

Summary QOS.CH logback-core up to and including version 1.5.18 is vulnerable to arbitrary code execution due to unsafe conditional configuration file processing. An attacker with existing privileges can exploit this by modifying an existing Logback configuration file or injecting a malicious...

7CVSS6.7AI score0.00181EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2026/01/29 5:21 p.m.6 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...

6.8CVSS5.3AI score0.00068EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/26 5:43 p.m.5 views

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS6AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.3 views

CVE-2025-49045 WordPress Super Interactive Maps plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through = 2.3...

7.1CVSS5.9AI score0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.11 views

WordPress plugin super-interactive-maps has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

7.1CVSS5.7AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 5:22 p.m.7 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.8CVSS7.4AI score0.00537EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 4:43 p.m.14 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.2CVSS7AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4754

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV...

5.5CVSS6.7AI score0.00267EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.8 views

CVE-2023-4679

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gffilterpacketdel function in filtercore/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash...

5.9CVSS6.7AI score0.00272EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4778

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV...

5.9CVSS6.7AI score0.00253EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4681

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV...

5.5CVSS6.7AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.9 views

CVE-2023-4755

Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV...

5.5CVSS6.8AI score0.00267EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4720

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV...

5.5CVSS6.8AI score0.00296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.17 views

CVE-2024-39688

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

6.5CVSS6.5AI score0.00501EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.18 views

CVE-2019-7872

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

6.5CVSS6.6AI score0.00897EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-1535

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A memory corruption issue exists when handling sensor utility operations. The issue could potentially affect a large number of devices worldwide, though a specific number is not provided. The vulnerability lie...

6.7CVSS6.6AI score0.00054EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.5 views

PT-2026-1531

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A memory corruption issue exists when performing sensor register read operations. The issue could potentially allow for unexpected behavior or compromise of the system. Recommendations At the moment, there is ...

6.7CVSS6.5AI score0.00075EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.8 views

PT-2025-53714

Name of the Vulnerable Software and Affected Versions GreenCMS versions prior to 2.3 Description A flaw exists in GreenCMS up to version 2.3 within the File Handler component, specifically in the /DataController.class.php file. Manipulation of the sqlFiles/zipFiles argument can lead to path...

6.5CVSS6.2AI score0.00574EPSS
Exploits1References11
Rows per page
Query Builder