Lucene search
+L

369 matches found

OSV
OSV
added 2025/06/26 9:31 p.m.5 views

GHSA-8HCX-XVWW-6C6H Magento Security feature bypass

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...

4.3CVSS6.7AI score0.0031EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/24 12:14 p.m.6 views

WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Aiden in WordPress Theme Homey versions = 2.4.7...

9.3CVSS8.1AI score0.00275EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/10 4:15 p.m.3 views

CVE-2025-27207

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized re...

6.5CVSS5.8AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.10 views

Adobe Commerce 访问控制错误漏洞

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe USA. An access control error vulnerability exists in Adobe Commerce that stems from an improper access control issue that could result in elevation of privilege. The following versions are affected:...

8.1CVSS6.4AI score0.0048EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.9 views

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.5CVSS7.7AI score0.00843EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:19 a.m.11 views

CVE-2024-32782

Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.4.7...

6.5CVSS5.9AI score0.00871EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.5 views

TinyFileManager 安全漏洞

TinyFileManager is a web-based file manager. It is used for storing, uploading, editing and managing files and folders online via a web browser. A security vulnerability exists in TinyFileManager version v2.4.7, which stems from a stored cross-site scripting vulnerability that could lead to the...

6.1CVSS5.9AI score0.00241EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:58 p.m.6 views

CVE-2022-3269

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...

9.8CVSS6.7AI score0.00727EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.6 views

CVE-2021-24758

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...

8.8CVSS7.1AI score0.01292EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.9 views

CVE-2020-21244

An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/instlang.php...

5.5CVSS6.9AI score0.01013EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.5 views

CVE-2019-15317

The give plugin before 2.4.7 for WordPress has XSS via a donor name...

5.4CVSS5.9AI score0.01194EPSS
Exploits1References1
OSV
OSV
added 2025/04/22 1:15 a.m.9 views

AZL-60894 CVE-2024-58250 affecting package ppp 2.4.7-36

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

9.3CVSS5.7AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:48 p.m.19 views

CVE-2025-24548 WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot – Automatic WordPress Translation: from n/a through = 2.4.7...

7.1CVSS0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.5 views

WordPress plugin Autoglot – Automatic WordPress Translation 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Autoglot - Automatic WordPress...

7.1CVSS6.1AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 9:15 p.m.5 views

CVE-2025-27189

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to th...

4.3CVSS5.8AI score0.00968EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 9:15 a.m.4 views

CVE-2024-8420

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

9.8CVSS7.3AI score0.00505EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/28 8:23 a.m.15 views

CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

9.8CVSS0.00505EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:23 a.m.68 views

CVE-2024-8420

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 2.4.7. The root cause is that the plugin allows a user to supply the 'role' field when registering, permitting unauthenticated attackers to register as an administrator on sites. Impact is...

9.8CVSS9.6AI score0.00505EPSS
In wildExploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:35 p.m.5 views

WordPress DHVC Form plugin <= 2.4.7 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin DHVC Form versions = 2.4.7...

9.8CVSS7AI score0.00505EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/02/11 6:31 p.m.5 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Remediation Upgrade magento/community-editio...

9.3CVSS7AI score0.16505EPSS
Exploits0References2
Rows per page
Query Builder