Lucene search
+L

303 matches found

NVD
NVD
added 2025/08/20 8:15 a.m.7 views

CVE-2025-49891

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through = 1.3.3...

8.5CVSS0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.15 views

CVE-2025-49891 WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through = 1.3.3...

8.5CVSS0.00309EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:3 a.m.25 views

CVE-2025-49891

CVE-2025-49891 is a SQL Injection vulnerability in the WordPress plugin Uxper Booking (uxper-booking) , allowing Blind SQL Injection. It affects versions up to and including 1.3.3 . The issue stems from improper neutralization of input in SQL commands, with CVSS 3.1 vector indicating network atta...

8.5CVSS5.9AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.6 views

CVE-2025-49891 WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riotweb Contact Info Widget allows Stored XSS. This issue affects Contact Info Widget: from n/a through 2.6.2...

5.9CVSS6.9AI score0.00309EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/17 1:11 a.m.6 views

WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Contact Info Widget versions = 2.6.2...

5.9CVSS5.8AI score0.00309EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-32802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...

6.1CVSS6.3AI score0.00195EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-32803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through...

4CVSS4.9AI score0.00212EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/16 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-30567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through = 2.6.2...

7.5CVSS5.8AI score0.02628EPSS
In wildExploits0References62
Cvelist
Cvelist
added 2025/07/10 9:22 p.m.11 views

CVE-2025-24798 Meshtastic crashes via an unimplemented routing module reply

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains wantresponse==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...

4.3CVSS0.00375EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.5 views

Meshtastic device firmware 安全漏洞

Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware version 1.2.1 through versions prior to 2.6.2, which stems from a possible crash when th...

6.5CVSS6.6AI score0.00375EPSS
Exploits1References5
OSV
OSV
added 2025/05/28 6:15 p.m.1 views

DEBIAN-CVE-2025-32803

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

4CVSS5.1AI score0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.10 views

PT-2025-23105

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common...

7.8CVSS6AI score0.00233EPSS
Exploits0References43
RedhatCVE
RedhatCVE
added 2025/05/23 10:0 a.m.7 views

CVE-2024-29101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2...

6.5CVSS5.2AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.7 views

CVE-2024-1326

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and abo...

6.4CVSS7.4AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:15 a.m.8 views

CVE-2024-54323

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through = 2.6.2...

5.4CVSS7.2AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.7 views

CVE-2023-47519

Cross-Site Request Forgery CSRF vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2...

8.8CVSS8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.11 views

CVE-2023-32580

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPExperts Password Protected plugin = 2.6.2 versions...

5.9CVSS5.6AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.9 views

CVE-2023-36517

Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...

8.8CVSS7.1AI score0.00256EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.4 views

CVE-2021-35522

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets...

9.8CVSS7.3AI score0.03657EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/14 11:25 p.m.9 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS8.4AI score0.00861EPSS
Exploits2References1
Rows per page
Query Builder