Lucene search
K

1366 matches found

Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2843

The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00207EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 4 : spice-xpi-2.4-1.AXS4.2 (AXSA:2011-154:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-154:01 advisory. SPICE extension for mozilla allows the client to be used from a web browser. Security issues fixed with this release: CVE-2011-0012 CVE-2011-1179 No...

5.1CVSS7.3AI score0.03889EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/13 7:32 a.m.10 views

WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vivagh versions = 2.4...

8.8CVSS7.3AI score0.0037EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/13 12:0 a.m.3 views

OPENSUSE-SU-2026:10041-1 libsoup-2_4-1-2.74.3-14.1 on GA media

These are all security issues fixed in the libsoup-24-1-2.74.3-14.1 package on the GA media of openSUSE Tumbleweed...

8.6CVSS5.8AI score0.00557EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 7 : httpd-2.4.6-99.1.0.10.el7.AXS7 (AXSA:2025-10901:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10901:08 advisory. CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files...

7.5CVSS7.3AI score0.00669EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.8 views

CVE-2023-31576

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file...

8.8CVSS7.6AI score0.01062EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.7 views

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...

7.5CVSS8.2AI score0.01673EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:16 a.m.8 views

CVE-2019-2735

Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace...

3.5CVSS4.4AI score0.00874EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:12 a.m.6 views

CVE-2019-11814

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...

6.1CVSS5.8AI score0.00809EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.6 views

CVE-2025-23816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...

6.5CVSS8.6AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.5 views

CVE-2025-14122

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00279EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25999

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a...

8.1CVSS7.9AI score0.00519EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:0 a.m.7 views

CVE-2025-67004

Disputed An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is n...

6.5CVSS5.9AI score0.05559EPSS
Exploits1References5
CVE
CVE
added 2026/01/09 12:0 a.m.26 views

CVE-2025-67004

CouchCMS 2.4 has a reported information-disclosure vulnerability where an Admin can read arbitrary files via directory traversal. Affected component/condition: CouchCMS 2.4; impact is confidentiality (C:H) with no impact on integrity or availability per sources. Root cause is described as a direc...

6.5CVSS5.9AI score0.05559EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/09 12:0 a.m.5 views

CVE-2025-67004

Disputed An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is n...

5.9AI score0.05559EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-1868

Name of the Vulnerable Software and Affected Versions CouchCMS version 2.4 Description An information disclosure issue exists in CouchCMS version 2.4. An administrator user can potentially read arbitrary files by traversing directories. This could lead to the disclosure of source code or other...

6.5CVSS6.2AI score0.05559EPSS
Exploits1References6
NVD
NVD
added 2026/01/08 10:15 a.m.5 views

CVE-2025-67935

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...

8.1CVSS0.00434EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 9:17 a.m.17 views

CVE-2025-67935

CVE-2025-67935 relates to the Mikado-Themes Optimize/optimizewp WordPress theme. The issue is Local File Inclusion via Improper Control of Filename for Include/Require in PHP, enabling an attacker to include local PHP files. Affected: Optimize theme versions before 2.4. Impact is consistent with ...

8.1CVSS6.7AI score0.00434EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

WordPress plugin Optimize 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.7AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14904

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

4.3CVSS0.00102EPSS
Exploits0References2
Rows per page
Query Builder