Lucene search
K

421 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-34219

Malicious code in bioql PyPI...

7.2CVSS7AI score0.00717EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2025/07/16 11:28 a.m.10 views

CVE-2025-48339

Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0...

6.5CVSS5.1AI score0.00203EPSS
Exploits0References3
CVE
CVE
added 2025/07/16 11:28 a.m.17 views

CVE-2025-48339

CVE-2025-48339 concerns the WordPress plugin Profiler – What Slowing Down Your WP, with a Missing Authorization (Broken Access Control) vulnerability. Affected versions are n/a through 1.0.0. Root cause is incorrectly configured access control security levels leading to unauthorized access. The C...

6.5CVSS5.1AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:28 a.m.9 views

CVE-2025-48339 WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0...

6.5CVSS0.00203EPSS
Exploits0References1
Circl
Circl
added 2025/06/02 8:59 a.m.23 views

CVE-2025-0324

creationtimestamp| type| source ---|---|--- 2025-06-02 08:59:30+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmfwa36fse2 2025-06-02 09:01:34+00:00| seen| Telegram/VQ0FQ5ZLin3xUorKYhfcFNtdNKkFwfxKkGrKdLfMt-CdeI0 2025-06-02...

9.4CVSS4.8AI score0.00338EPSS
Exploits0References2
Circl
Circl
added 2025/05/27 4:47 a.m.24 views

CVE-2025-48054

creationtimestamp| type| source ---|---|--- 2025-05-27 04:47:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17604 2025-05-27 05:00:43+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4vsqoyz352 2025-05-27...

8.8CVSS4.8AI score0.00557EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.5 views

CVE-2024-37929

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4...

6.3CVSS5.1AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:49 a.m.8 views

CVE-2023-37966

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2...

9.8CVSS8.9AI score0.00546EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.10 views

CVE-2023-5167

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00394EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.9 views

CVE-2023-5133

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

7.5CVSS6.6AI score0.0055EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.9 views

CVE-2023-3435

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks...

9.8CVSS7.6AI score0.00808EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.5 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

4.3CVSS5.1AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.4 views

CVE-2022-3941

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...

5.3CVSS5.8AI score0.00685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 a.m.7 views

CVE-2016-10890

The aryo-activity-log plugin before 2.3.2 for WordPress has XSS...

6.1CVSS7.1AI score0.01111EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/15 8:9 p.m.16 views

CVE-2023-6030 LogDash Activity Log < 1.1.4 - Unauthenticated SQLi

The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wploginfailed function from src/Hooks/Users.php in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploite...

0.00748EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:9 p.m.28 views

CVE-2023-6030

The CVE-2023-6030 entry relates to the WordPress plugin LogDash Activity Log (versions before 1.1.4). The vulnerability arises when the plugin logs failed logins in src/Hooks/Users.php via wp_login_failed without escaping the username in a SQL query, causing a SQL injection. The risk is described...

5.4CVSS7.8AI score0.00748EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21372

Name of the Vulnerable Software and Affected Versions: LogDash Activity Log WordPress plugin versions prior to 1.1.4 Description: The issue concerns a SQL injection vulnerability. It occurs because the plugin does not properly escape the username when performing SQL requests, specifically when...

5.4CVSS5.8AI score0.00748EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

WordPress plugin LogDash Activity Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.4CVSS6.3AI score0.00748EPSS
Exploits1References1
Circl
Circl
added 2025/05/06 5:13 p.m.14 views

GHSA-9PCC-GVX5-R5WM

creationtimestamp| type| source ---|---|--- 2025-05-06 17:13:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114462007419812570 2025-05-06 18:21:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15182 2025-05-06 19:30:34+00:00| published-proof-of-concept|...

4.8AI score
Exploits0References2
Circl
Circl
added 2025/05/03 5:17 p.m.25 views

CVE-2025-4238

creationtimestamp| type| source ---|---|--- 2025-05-03 17:17:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14700 2025-05-03 18:06:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lobwjls6gk2j 2025-05-03 19:00:35+00:00| published-proof-of-concept|...

9.8CVSS7.3AI score0.00612EPSS
Exploits1References4
Rows per page
Query Builder