Lucene search
K

1368 matches found

EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2025-208695

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

6CVSS5.8AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:17 p.m.5 views

CVE-2025-15552

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

7.8CVSS0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 10:44 a.m.5 views

CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 10:44 a.m.28 views

CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS0.00109EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 2:19 a.m.4 views

CVE-2026-21297 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

4.3CVSS6AI score0.0035EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 2:19 a.m.4 views

EUVD-2026-11056

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issu...

3.1CVSS5.8AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 10:4 p.m.5 views

CVE-2026-27838 wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

3.1CVSS5.9AI score0.00245EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/26 10:36 a.m.7 views

WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Welldone versions = 2.4...

8.1CVSS5.9AI score0.00337EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2026-1043

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...

4.4CVSS0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.34 views

CVE-2026-1043 PostmarkApp Email Integrator <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...

4.4CVSS0.00244EPSS
Exploits0References5
OSV
OSV
added 2026/02/07 10:8 a.m.11 views

RHSA-2026:1497 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

Bulletin has no description...

7.5CVSS7.3AI score0.02143EPSS
Exploits2References32
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.23 views

Adobe Commerce - Authentication Bypass

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...

9.1CVSS6.9AI score0.96742EPSS
Exploits9References2
EUVD
EUVD
added 2026/02/01 12:15 p.m.6 views

EUVD-2021-34761

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

8.6CVSS6.1AI score0.00315EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/29 9:33 p.m.7 views

WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin < 2.4.0 - Admin+ SQL Injection vulnerability

WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin 2.4.0 - Admin+ SQL Injection vulnerability discovered by Chu Quoc Khanh in WordPress Plugin TS Poll versions 2.4.0...

7.2CVSS5.9AI score0.02277EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.4 views

CVE-2020-36997 BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)

BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler SEH chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining...

9.8CVSS6.2AI score0.00365EPSS
Exploits0References4
CVE
CVE
added 2026/01/29 2:28 p.m.10 views

CVE-2020-36997

CVE-2020-36997 affects BacklinkSpeed 2.4 and describes a buffer overflow that allows an attacker to corrupt the Structured Exception Handler (SEH) chain via a malicious file import. A specially crafted payload file can overwrite SEH addresses, potentially enabling arbitrary code execution and con...

9.8CVSS6.2AI score0.00365EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.8 views

CVE-2025-68899

Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...

8.8CVSS5.4AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.4 views

CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.12 views

PT-2026-4101

Name of the Vulnerable Software and Affected Versions designthemes Vivagh versions through 2.4 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations A...

5.5AI score0.0037EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : httpd:2.4 (AXSA:2024-7691:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7691:01 advisory. httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

7.5CVSS7.7AI score0.91327EPSS
Exploits2References2
Rows per page
Query Builder