62 matches found

NVD
added 2026/03/11 5:18 a.m., 5 views

CVE-2026-2413

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

CVSS: 7.5, EPSS: 0.02289
Exploits: 1, References: 4
Circl
added 2026/03/11 4:18 a.m., 8 views

CVE-2026-2413

creationtimestamp | type | source
---|---|---
2026-03-11 04:18:01+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2413
2026-03-11 17:30:18+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-2413.yaml...

CVSS: 7.5, AI score: 6.8, EPSS: 0.02289
Exploits: 1, References: 10
Positive Technologies
added 2026/03/10 12:0 a.m., 4 views

PT-2026-24548

Name of the Vulnerable Software and Affected Versions: The Ally – Web Accessibility & Usability plugin for WordPress versions prior to 4.1.0
Description: The Ally – Web Accessibility & Usability plugin for WordPress is susceptible to SQL Injection through the URL path. This occurs because of...

CVSS: 7.5, AI score: 5.8, EPSS: 0.02289
Exploits: 1, References: 33
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-2413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which...

CVSS: 9.3, AI score: 7.6, EPSS: 0.00473
Exploits: 0, References: 2
Circl
added 2025/09/02 4:49 p.m., 10 views

CVE-2025-2413

creationtimestamp | type | source
---|---|---
2025-09-02 16:49:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxul5lrwhn2c...

CVSS: 8.6, AI score: 4.8, EPSS: 0.00325
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:20 a.m., 8 views

CVE-2023-2413

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be...

CVSS: 6.5, AI score: 8.1, EPSS: 0.0063
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 10:28 p.m., 9 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is...

CVSS: 5.4, AI score: 6.6, EPSS: 0.0053
Exploits: 2, References: 1
OpenVAS
added 2024/09/12 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2413)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.3, AI score: 6.8, EPSS: 0.27992
Exploits: 6, References: 2
OpenVAS
added 2024/07/24 12:0 a.m., 12 views

openSUSE Security Advisory (SUSE-SU-2024:2413-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.9, EPSS: 0.04602
Exploits: 0, References: 4
Circl
added 2024/03/13 4:26 a.m., 4 views

CVE-2024-2413

creationtimestamp | type | source
---|---|---
2024-03-13 04:26:51+00:00 | seen | https://t.me/ctinow/206380
2024-03-13 04:31:28+00:00 | seen | https://t.me/ctinow/206383
2025-04-15 15:54:58+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11862...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00574
Exploits: 0, References: 3
CVE
added 2024/03/13 2:51 a.m., 35 views

CVE-2024-2413

CVE-2024-2413 affects Intumit SmartRobot, which uses a fixed cryptographic key for authentication. This allows remote attackers to craft an authentication code by encrypting a string of the user’s name and a timestamp, enabling administrator privileges and potential arbitrary code execution on th...

CVSS: 9.8, AI score: 10, EPSS: 0.00574
Exploits: 0, References: 1, Affected Software: 1
Circl
added 2024/01/27 9:41 a.m., 5 views

CVE-2012-2413

creationtimestamp | type | source
---|---|---
2024-01-27 09:41:20+00:00 | seen | https://t.me/ctinow/174711...

CVSS: 4.3, AI score: 4.8, EPSS: 0.01206
Exploits: 2, References: 1
Cvelist
added 2024/01/16 3:49 p.m., 29 views

CVE-2022-2413 Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is...

AI score: 5.6, EPSS: 0.0053
Exploits: 2, References: 1
CVE
added 2024/01/16 3:49 p.m., 67 views

CVE-2022-2413

The CVE-2022-2413 issue affects the Slide Anything WordPress plugin prior to 2.3.47. Root cause: the slide title is not properly sanitized/escaped before output in admin pages, enabling a logged-in user with roles as low as Author to inject JavaScript payloads. Impact: cross-site scripting in adm...

CVSS: 5.4, AI score: 5.4, EPSS: 0.0053
Exploits: 2, References: 1, Affected Software: 1
Tenable Nessus
added 2024/01/09 12:0 a.m., 30 views

Amazon Linux 2 : python-pillow (ALAS-2024-2413)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2413 advisory. Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the crafted image...

CVSS: 5.5, AI score: 6.7, EPSS: 0.01861
Exploits: 0, References: 4
Oracle linux
added 2023/09/19 12:0 a.m., 27 views

open-vm-tools security update

11.0.5-3.0.1 - fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified sp...

CVSS: 7.5, AI score: 7.6, EPSS: 0.01193
Exploits: 0
Cvelist
added 2023/04/29 12:0 a.m., 24 views

CVE-2023-2413 SourceCodester AC Repair and Services System manage_booking.php sql injection

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be...

CVSS: 6.5, AI score: 7.1, EPSS: 0.0063
Exploits: 1, References: 3
CVE
added 2023/04/29 12:0 a.m., 40 views

CVE-2023-2413

CVE-2023-2413 affects SourceCodester AC Repair and Services System 1.0. The flaw is in file /admin/bookings/manage_booking.php, where the application directly uses the id parameter in a SQL query, resulting in a SQL injection vulnerability. Reports indicate the issue is exploitable remotely and...

CVSS: 6.5, AI score: 6.8, EPSS: 0.0063
Exploits: 1, References: 3, Affected Software: 1
OpenVAS
added 2022/01/28 12:0 a.m., 26 views

Mageia: Security Advisory (MGASA-2014-0189)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10, AI score: 7.8, EPSS: 0.0751
Exploits: 0, References: 6
OpenVAS
added 2021/07/21 12:0 a.m., 15 views

SUSE: Security Advisory (SUSE-SU-2021:2413-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.8, AI score: 7, EPSS: 0.01608
Exploits: 2, References: 2