Lucene search
K

26 matches found

Circl
Circl
added 5 days ago9 views

CVE-2026-9235

creationtimestamp| type| source ---|---|--- 2026-07-09 12:12:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7m7bwwnx2i...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
OSV
OSV
added 2026/06/04 7:49 p.m.8 views

ROOT-APP-NPM-CVE-2015-9235 CVE-2015-9235 in @rootio/jsonwebtoken - Patched by Root

Root has patched CVE-2015-9235 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...

9.8CVSS5.4AI score0.08655EPSS
Exploits3
CVE
CVE
added 2025/08/20 5:2 p.m.20 views

CVE-2025-9235

CVE-2025-9235 affects Scada-LTS up to 2.7.8.1, where manipulation of the Name parameter in the file compound_events.shtm causes cross-site scripting. The vulnerability can be exploited remotely, and an exploit/public PoC has been published. Root cause: improper handling of the Name argument in th...

5.4CVSS3.7AI score0.00256EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 p.m.9 views

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1,Versions earlier than 10.1.0.231C10E3R3P2,Versions earlier than 10.1.0.231C185E3R5P1,Versions earlier than 10.1.0.231C636E3R3P1;Versions earlier than 10.1.0.212C432E10R3P4,Versions earlier than 10.1.0.213C636E3R4P3,Version...

5.5CVSS6.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.7 views

CVE-2019-9235

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053...

5CVSS6.1AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:40 a.m.13 views

CVE-2024-9235

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8CVSS7.1AI score0.00482EPSS
Exploits0References1
Circl
Circl
added 2025/01/27 10:0 p.m.10 views

CVE-2015-9235

creationtimestamp| type| source ---|---|--- 2025-01-27 22:00:06+00:00| published-proof-of-concept| Telegram/IIMMVR0y14HHoe0fDF24Y-XgfvnmWXYVKaXhSDz5tV5TerE 2025-01-28 13:54:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/11760 2025-02-05 19:34:25+00:00| published-proof-of-concept...

9.8CVSS8.7AI score0.08655EPSS
Exploits3References2
Circl
Circl
added 2024/10/25 10:23 a.m.5 views

CVE-2024-9235

creationtimestamp| type| source ---|---|--- 2024-10-25 10:23:24+00:00| seen| https://t.me/cvedetector/8892 2026-07-05 11:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpvgoc6fpw2a...

8.8CVSS5.9AI score0.00482EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/25 6:51 a.m.29 views

CVE-2024-9235 Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8CVSS0.00482EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.13 views

WordPress Mapster WP Maps Plugin <= 1.5.0 is vulnerable to Settings Change

Software Mapster WP Maps Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Settings Change CVE CVE-2024-9235 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID b9bebd7cfde8 Credits Sean Murphy Required privilege Contributor...

8.8CVSS6.8AI score0.00482EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/09/03 6:4 p.m.51 views

CVE-2020-9235

CVE-2020-9235 affects Huawei HONOR 20 PRO devices with information disclosure due to a design-level input-control flaw in multiple firmware versions. Affected versions include various 10.x builds (e.g., 10.1.0.230/231/212/213/214/160/225, across several codenames), with exploitation leading to pa...

5.5CVSS5.3AI score0.00242EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/09/27 6:5 p.m.22 views

CVE-2019-9235

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122323053...

5.5AI score0.00164EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/10/09 12:38 a.m.3 views

@irjudson/nitrogen-mongodb-providers (=0.3.7), ah-auth-plugin (=0.0.1) +101 more potentially affected by CVE-2015-9235 via jsonwebtoken (>=0.1.0 <=4.0.0)

jsonwebtoken NPM version =0.1.0, =0.0.2, =0.1.0, =0.0.7, =0.0.4, =1.0.0, =0.1.0, =0.0.1, =0.0.0, =0.0.2 and more Source cves: CVE-2015-9235 Source advisory: OSV:GHSA-C7HR-J4MJ-J2W6...

9.8CVSS7.2AI score0.08655EPSS
Exploits3
CVE
CVE
added 2018/05/29 8:0 p.m.98 views

CVE-2015-9235

CVE-2015-9235 affects the jsonwebtoken Node.js module (pre-4.2.2). The vulnerability allows bypass of token verification when a token signed with RS/ES (asymmetric) is presented but validated with a symmetric HS* algorithm due to weak validation of the JWT algorithm type. This leads to potential ...

9.8CVSS9.3AI score0.08655EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2018/04/10 12:0 a.m.32 views

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps...

0.2AI score0.02606EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/04/10 12:0 a.m.34 views

iScripts SonicBB 1.0 Cross Site Scripting

Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9235 1. Description...

6.4AI score0.02606EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/04/09 12:0 a.m.31 views

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)

Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9235 1. Description...

6.1CVSS6.3AI score0.02606EPSS
Exploits5
NVD
NVD
added 2018/04/04 7:29 a.m.22 views

CVE-2018-9235

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php...

6.1CVSS6.1AI score0.02606EPSS
Exploits5References2
OSV
OSV
added 2018/04/04 7:29 a.m.6 views

CVE-2018-9235

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php...

6.1CVSS5.8AI score0.02606EPSS
Exploits5References2
Rows per page
Query Builder