16 matches found

CVE
added 2026/03/26 2:25 a.m., 15 views

CVE-2026-1986

The CVE concerns FloristPress for Woo – Florist plugin for WordPress. A Reflected Cross-Site Scripting vulnerability exists in all versions up to 7.8.2, caused by insufficient input sanitization and output escaping of the user-supplied noresults parameter. This can allow unauthenticated attackers...

6.1 CVSS, 6 AI score, 0.0027 EPSS
Exploits: 0, References: 4

IBM Security Bulletins
added 2026/01/25 11:58 a.m., 5 views

Security Bulletin: A vulnerability in the jackson-core package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the jackson-core package affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to...

5.9 AI score
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/23 11:59 a.m., 6 views

Security Bulletin: A vulnerability in Axios affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Axios 1.7.9 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...

8.7 CVSS, 5.7 AI score, 0.00759 EPSS
Exploits: 1, Affected Software: 1

CNNVD
added 2026/01/10 12:0 a.m., 5 views

react-router Cross-Site Scripting Vulnerability

react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in react-router versions 7.0.0 through 7.8.2, which stems from a cross-site scripting vulnerability when generating script:ld+json tags in framework mode, which could lead to the executi...

7.6 CVSS, 6 AI score, 0.00448 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/10/30 7:11 a.m., 4 views

CVE-2023-7320

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract...

5.3 CVSS, 6 AI score, 0.00303 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/07/14 9:10 p.m., 5 views

WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Alone versions <= 7.8.2...

9.1 CVSS, 7 AI score, 0.00533 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/07/04 12:15 p.m., 3 views

CVE-2025-52718

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion. This issue affects Alone: from n/a through <= 7.8.2...

7.2 CVSS, 0.00196 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/04 11:17 a.m., 30 views

CVE-2025-52718

The CVE-2025-52718 entry concerns WordPress Alone (Bearsthemes Alone) with an improper control of generation of code, enabling remote code inclusion and arbitrary code execution. Affected: Alone theme versions n/a through 7.8.2. Root cause: Code generation control weaknesses allow injected code t...

7.2 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/07/01 12:0 a.m., 7 views

WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary Code Execution

Software Alone Type Theme Vulnerable versions <= 7.8.2 Fixed in 7.8.5 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2025-52718 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 95e1c49b307c Credits Trương Hữu Phúc truonghuuphuc Required privileg...

7.2 CVSS, 7 AI score, 0.00196 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/11/07 12:0 a.m., 2 views

Squidex Cross-Site Scripting Vulnerability

squidex is a Headless CMS and Content Management Center. A cross-site scripting vulnerability exists in Squidex version 7.8.2, which stems from a lack of raw validation in the postMessage handler, leading to a cross-site scripting XSS vulnerability...

6.8 CVSS, 6 AI score, 0.00473 EPSS
Exploits: 1, References: 2

CNVD
added 2019/08/15 12:0 a.m., 3 views

McAfee Web Gateway Information Disclosure Vulnerability (CNVD-2020-17035)

McAfee Web Gateway MWG is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. An information disclosure vulnerability exists in McAfee MWG versions 7.8.2.x prior to 7.8.2.12, which can be exploited by an attacker to...

6.5 CVSS, 6.1 AI score, 0.01178 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2019/08/14 12:0 a.m., 4 views

PT-2019-3137 · Mcafee · Mcafee Web Gateway

Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway versions 7.8.2.x prior to 7.8.2.12 Description: The issue is related to the lack of protection for internal data in the McAfee Web Gateway. It allows a remote attacker to disclose protected information using a specially...

6.5 CVSS, 4.6 AI score, 0.01178 EPSS
Exploits: 0, References: 5

OpenVAS
added 2018/06/19 12:0 a.m., 26 views

Open-Xchange (OX) App Suite Content Spoofing Vulnerability (Jun 2018)

Open-Xchange OX App Suite is prone to a content spoofing vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

6.5 CVSS, 6.3 AI score, 0.08387 EPSS
Exploits: 5, References: 3

CNVD
added 2016/10/18 12:0 a.m., 2 views

Open-Xchange AppSuite Information Disclosure Vulnerability (CNVD-2016-09926)

Open-Xchange AppSuite OX AppSuite is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in Open-Xchange AppSuite 7.8.2 and...

4.3 CVSS, 6 AI score, 0.00966 EPSS
Exploits: 0, References: 1

OpenVAS
added 2015/02/01 12:0 a.m., 22 views

Debian: Security Advisory (DSA-3149-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.7 AI score, 0.0308 EPSS
Exploits: 0, References: 3

Debian CVE
added 2012/08/25 10:0 a.m., 15 views

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOWADMINISTRATOR or ALLOWWRITE by connecting from a system with a spoofed reverse DNS hostname...

10 CVSS, 6.9 AI score, 0.05102 EPSS
Exploits: 0