Lucene search
+L

379 matches found

Patchstack
Patchstack
added 2025/09/06 4:51 a.m.6 views

WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions 3.2.3...

7.1CVSS6.1AI score0.00219EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-10515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. CVE-2016-10515 Note that...

6.1CVSS6.1AI score0.00678EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2025-1142)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1142 advisory. An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service DoS via the convert function of exrmultipart.cpp. CVE-2024-31047 Tenable has...

3.3CVSS4.9AI score0.00218EPSS
Exploits1References4
Patchstack
Patchstack
added 2025/07/08 12:30 p.m.8 views

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin = 3.2.3 - Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Registration Fields Plugin - Custom Signup Fields versions = 3.2.3...

7.1CVSS6.1AI score0.00266EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/07/08 12:1 p.m.7 views

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability

WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin = 3.2.3 - Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Registration Fields Plugin - Custom Signup Fields versions = 3.2.3...

8.8CVSS7AI score0.00356EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:19 a.m.4 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS7.2AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.6 views

CVE-2024-3031

The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:38 a.m.8 views

CVE-2024-31246

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...

8.8CVSS7.2AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.7 views

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

9.8CVSS6.9AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.6 views

CVE-2023-1612

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It...

9.8CVSS7.8AI score0.00744EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.6 views

CVE-2023-0480

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...

8.8CVSS8.6AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.9 views

CVE-2023-24407

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

8.8CVSS5.1AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.5 views

CVE-2021-24955

The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the ppgetformsbybuildertype AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.00968EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.7 views

CVE-2019-19935

Froala Editor before 3.2.3 allows XSS...

6.1CVSS6.8AI score0.01847EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 a.m.7 views

CVE-2017-18004

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint...

5.4CVSS5.9AI score0.00636EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/19 4:27 p.m.12 views

WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Wishlist for WooCommerce versions = 3.2.2...

6.5CVSS6AI score0.00215EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/04/18 1:49 p.m.6 views

OESA-2025-1435 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.2AI score0.03948EPSS
Exploits6References2
OSV
OSV
added 2025/04/11 1:44 p.m.4 views

OESA-2025-1412 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.2AI score0.03948EPSS
Exploits6References2
OSV
OSV
added 2025/04/11 1:44 p.m.4 views

OESA-2025-1411 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.2AI score0.03948EPSS
Exploits6References2
Patchstack
Patchstack
added 2025/03/31 1:59 p.m.6 views

WordPress IMPress for IDX Broker plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin IMPress for IDX Broker versions = 3.2.3...

6.5CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
Rows per page
Query Builder