82 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 11 views

MiracleLinux 7 : httpd-2.4.6-97.2.0.1.el7.AXS7 (AXSA:2021-2543:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2543:02 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Bug Fixes: proxy rewrite to unix socket fails with...

CVSS 9, AI score 7.7, EPSS 0.94432
Exploits 5, References 2

EUVD
added 2026/01/14 5:28 a.m., 1 view

EUVD-2026-2543

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 4.6, EPSS 0.00039
Exploits 0, References 3

RedhatCVE
added 2026/01/07 9:13 a.m., 2 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVSS 4.3, AI score 6.7, EPSS 0.00365
Exploits 1, References 1

RedhatCVE
added 2025/05/22 10:32 p.m., 5 views

CVE-2022-2543

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...

CVSS 6.1, AI score 6.9, EPSS 0.00519
Exploits 2, References 1

NVD
added 2025/04/24 9:15 a.m., 11 views

CVE-2025-2543

The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 6.4, EPSS 0.00091
Exploits 0, References 6

Circl
added 2025/04/24 9:12 a.m., 5 views

CVE-2025-2543

creationtimestamp | type | source
---|---|---
2025-04-24 09:12:20+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13206
2025-04-24 13:03:54+00:00 | seen | https://t.me/cvedetector/23666
2025-04-24 14:19:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnkvnu3mu724...

CVSS 6.4, AI score 8.7, EPSS 0.00091
Exploits 0, References 3

Cvelist
added 2025/04/24 8:23 a.m., 13 views

CVE-2025-2543 Advanced Accordion Gutenberg Block <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVSS 6.4, EPSS 0.00091
Exploits 0, References 6

Patchstack
added 2025/04/23 9:11 p.m., 3 views

WordPress Advanced Accordion Gutenberg Block plugin <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Advanced Accordion Gutenberg Block versions <= 5.0.2...

CVSS 6.4, AI score 6.3, EPSS 0.00091
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-2543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FI...

CVSS 6.2, AI score 6.7, EPSS 0.00043
Exploits 0, References 3

RedhatCVE
added 2025/02/05 2:19 p.m., 5 views

CVE-2020-2543

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVSS 7.5, AI score 6.5, EPSS 0.00926
Exploits 0

Tenable Nessus
added 2024/07/18 12:0 a.m., 25 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

CVSS 8.1, AI score 7, EPSS 0.00369
Exploits 0, References 18

Tenable Nessus
added 2024/05/15 12:0 a.m., 27 views

Amazon Linux 2 : cni-plugins (ALAS-2024-2543)

The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2543 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more...

CVSS 5.3, AI score 7, EPSS 0.00123
Exploits 0, References 4

Tenable Nessus
added 2024/05/11 12:0 a.m., 248 views

RHEL 7 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c CVE-2019-15505 - kernel: lack of...

AI score 8.9, EPSS 0.18911
Exploits 170, References 1025

Tenable Nessus
added 2024/04/27 12:0 a.m., 17 views

RHEL 7 : openstack-keystone (RHSA-2018:2543)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2543 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The...

CVSS 5.3, AI score 5.5, EPSS 0.01139
Exploits 0, References 4

Cvelist
added 2024/04/09 6:58 p.m., 10 views

CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVSS 4.3, AI score 4.7, EPSS 0.00365
Exploits 1, References 3

CVE
added 2024/04/09 6:58 p.m., 48 views

CVE-2024-2543

The CVE-2024-2543 entry concerns the Permalink Manager Lite WordPress plugin. A missing capability check in get_uri_editor affects all versions up to 2.4.3.1, enabling unauthenticated attackers to view permalinks for all posts. Remediation: upgrade to 2.4.3.2 or later (patched in that version).

CVSS 4.3, AI score 9.1, EPSS 0.00365
Exploits 1, References 3, Affected Software 1

Patchstack
added 2024/03/21 12:0 a.m., 8 views

WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control

Software: Permalink Manager Lite
Type: Plugin
Vulnerable versions: <= 2.4.3.1
Fixed in: 2.4.3.2
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-2543
Patch priority: Low
CVSS severity: Low 4.3
PSID: 01746b8cad8b
Credits: Muhammad Zeeshan...

CVSS 4.3, AI score 6.9, EPSS 0.00365
Exploits 1, References 3, Affected Software 1

Tenable Nessus
added 2023/08/02 12:0 a.m., 20 views

EulerOS Virtualization 2.10.1 : libwebp (EulerOS-SA-2023-2543)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

CVSS 7.5, AI score 7.2, EPSS 0.00353
Exploits 0, References 2

Circl
added 2022/09/05 4:12 p.m., 0 views

CVE-2022-2543

creationtimestamp | type | source
---|---|---
2022-09-05 16:12:16+00:00 | seen | https://t.me/cibsecurity/49290...

CVSS 6.1, AI score 6, EPSS 0.00519
Exploits 2, References 1

ATTACKERKB
added 2022/09/05 1:15 p.m., 1 view

CVE-2022-2543

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...

CVSS 6.1, AI score 6.5, EPSS 0.00519
Exploits 2, References 2