Lucene search
K

98 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.15 views

CVE-2026-39438

Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...

9.3CVSS0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 12:11 p.m.33 views

CVE-2026-9509 Uncaught exception vulnerability in Suprema's BioStar

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

8.7CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 12:11 p.m.30 views

CVE-2026-9509

CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...

8.7CVSS5.9AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:32 p.m.14 views

CVE-2026-44183

CVE-2026-44183 affects Cleanuparr prior to 2.9.10. The vulnerability arises because TrustedNetworkAuthenticationHandler.ResolveClientIp uses the leftmost entry of the X-Forwarded-For header as the client IP, which is attacker-controlled since X-Forwarded-For is append-only. An unauthenticated rem...

9.8CVSS5.8AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40330

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

9.8CVSS5.8AI score0.00222EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-64377

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...

8.1CVSS5.8AI score0.00344EPSS
In wildExploits0References2
Patchstack
Patchstack
added 2026/04/21 2:25 p.m.4 views

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin ListingPro versions = 2.9.10...

5.8AI score0.00372EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.4 views

CVE-2025-64378

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...

7.1CVSS7AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.4 views

EUVD-2025-204056

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:16 a.m.4 views

CVE-2025-64376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...

7.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.34 views

CVE-2025-64377

CVE-2025-64377 is a Local File Inclusion vulnerability in the WordPress ListingPro theme for versions prior to 2.9.10, caused by improper filename control in include/require statements in PHP. The issue affects ListingPro: from n/a through

8.1CVSS6.7AI score0.00344EPSS
In wildExploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.2 views

CVE-2025-64378 WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...

7.1CVSS6.6AI score0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.1 views

CVE-2025-64376 WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...

7.1CVSS6AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.25 views

CVE-2025-64377 WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...

8.1CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.15 views

CVE-2025-64378

CVE-2025-64378 describes a Missing Authorization vulnerability in the WordPress ListingPro theme (ListingPro) prior to version 2.9.10. The root cause is misconfigured access control security levels that allow exploitation without user interaction, leading to potential elevation of privileges or u...

7.1CVSS6.6AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.12 views

CVE-2025-64376

CVE-2025-64376 affects the WordPress ListingPro theme (and ListingPro listings) prior to version 2.9.10. The root cause is improper neutralization of input during web page generation, allowing Reflected XSS. The entry cites a CVSS v3.1 base score of 7.1 (HIGH) with network access, low attack comp...

7.1CVSS6AI score0.00149EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin ListingPro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.5AI score0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52190

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.10...

7.1AI score0.00344EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.17 views

WordPress plugin ListingPro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.1CVSS6.5AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52191

Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through 2.9.10...

7AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder