
7 matches found

ATTACKERKB
added 6 days ago, 16 views

CVE-2026-12415

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

CVSS 9.8, AI score 5.8, EPSS 0.00662
Exploits: 0, References: 5

CNNVD
added 2025/08/21 12:0 a.m., 3 views

TitanHQ SpamTitan Email Security Gateway Security Vulnerability

TitanHQ SpamTitan Email Security Gateway is an email security gateway from TitanHQ Ireland. A security vulnerability exists in TitanHQ SpamTitan Email Security Gateway versions 8.00.x prior to 8.00.101 and 8.01.x prior to 8.01.14, which stems from a vulnerability in quarantine.php that allows an...

CVSS 9.1, AI score 6.7, EPSS 0.00529
Exploits: 0, References: 4

RedhatCVE
added 2025/02/05 10:59 p.m., 8 views

CVE-2022-1514

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine...

CVSS 9, AI score 5.6, EPSS 0.00732
Exploits: 1, References: 1

Cvelist
added 2019/08/01 2:49 p.m., 14 views

CVE-2018-20919

cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)...

AI score 6, EPSS 0.00647
Exploits: 0, References: 1

CNVD
added 2016/12/02 12:0 a.m., 1 views

Arbitrary File Upload Vulnerability in NetSense SECWORLD VPN

NetSense SECWORLD VPN is a secure access gateway system. NetShen SECWORLD VPN has an arbitrary file upload vulnerability. The /admin/account/useraddaction.php page has no restrictions on file uploads, allowing an attacker to directly upload a webshell and gain server privileges...

AI score 7.4
Exploits: 0

NVD
added 2010/07/22 5:40 a.m., 31 views

CVE-2009-4939

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a loginlookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign actio...

CVSS 4.3, AI score 5.5, EPSS 0.01931
Exploits: 1, References: 8

Cvelist
added 2009/05/04 6:22 p.m., 22 views

CVE-2008-6790

The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php...

AI score 6.8, EPSS 0.01979
Exploits: 1, References: 3