Lucene search
K

18 matches found

CVE
CVE
added 2026/06/26 4:15 p.m.16 views

CVE-2026-55677

Echo (Go framework) prior to 4.15.3 and 5.2.0 has a router vs static file handler decoding mismatch: the router uses the raw encoded path while StaticDirectoryHandler unescapes %2F to /, enabling bypass of route-level access controls to read static files without authorization. The vulnerability i...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/26 4:15 p.m.6 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/10 2:22 p.m.5 views

CVE-2025-67549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

6.5CVSS6.4AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-202097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

5.9AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.5 views

CVE-2025-67549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.8 views

CVE-2025-67549

CVE-2025-67549 affects the WordPress plugin oik up to version 4.15.3. Root cause: improper input neutralization during web page generation, enabling DOM-based XSS. Impact: DOM-based XSS with Low–Medium confidentiality, integrity, and availability effects (CVSS v3.1 base 6.5). Affected product: oik

6.5CVSS6AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

WordPress plugin oik 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS6AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49923

CVE-2025-67549 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik:… https://t.co/n89C6BHSeV...

6.5CVSS6.4AI score0.00161EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/14 11:50 a.m.7 views

WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin oik versions = 4.15.2...

7.1CVSS5.9AI score0.00219EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/05/07 10:41 p.m.27 views

CVE-2025-35939 Craft CMS stores user-provided content in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS0.01119EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.9 views

WordPress ProfilePress Plugin < 4.15.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

6.4CVSS6.9AI score0.00573EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/13 6:16 a.m.7 views

WordPress MStore API plugin <= 4.15.3 - Unauthorized User Registration vulnerability

Unauthorized User Registration vulnerability discovered by wesley wcraft in WordPress Plugin MStore API versions = 4.15.3...

7.3CVSS7AI score0.00382EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.5 views

WordPress plugin MStore API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.3CVSS6.7AI score0.00382EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/13 12:0 a.m.17 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...

8.8CVSS6.8AI score0.00785EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.9 views

WordPress ProfilePress Plugin <= 4.15.2 is vulnerable to Cross Site Scripting (XSS)

Software ProfilePress Type Plugin Vulnerable versions = 4.15.2 Fixed in 4.15.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1535 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 06caa12c0913 Credits Arkadiusz Hydzik Required...

6.4CVSS5.7AI score0.00573EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/08 12:0 a.m.14 views

WordPress Matomo Analytics Plugin <= 4.15.3 is vulnerable to Cross Site Scripting (XSS)

Software Matomo Analytics Type Plugin Vulnerable versions = 4.15.3 Fixed in 5.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6923 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d69c8015e6ca Credits Felipe Restrepo...

6.1CVSS5.6AI score0.00499EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2022/02/03 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:0283-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS7AI score0.74042EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2016/05/17 12:0 a.m.24 views

Sierra Wireless AceManager Detection (HTTP)

HTTP based detection Sierra Wireless AceManager. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5.8AI score
Exploits0References1
Rows per page
Query Builder