Lucene search
K

848 matches found

Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.7 views

PT-2026-7529

Name of the Vulnerable Software and Affected Versions Media Streaming add-on versions prior to 500.1.1.6 Description An out-of-bounds read issue exists in Media Streaming add-on. An attacker with local network access can exploit this to obtain secret data. Recommendations Update to Media Streamin...

5.5CVSS5.4AI score0.00107EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.5 views

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 3:16 p.m.30 views

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

4.3CVSS0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:8 p.m.5 views

EUVD-2026-5243

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:8 p.m.3 views

CVE-2026-24985 WordPress WP Forms Signature Contract Add-On plugin <= 1.8.2 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:8 p.m.14 views

CVE-2026-24985

The CVE-2026-24985 entry describes a Missing Authorization/Broken Access Control vulnerability in the approveme WP Forms Signature Contract Add-On for WordPress, affecting versions up to and including 1.8.2. The issue stems from incorrectly configured access control security levels, enabling unau...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6233

Name of the Vulnerable Software and Affected Versions approveme WP Forms Signature Contract Add-On versions through 1.8.2 Description The WP Forms Signature Contract Add-On contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 4 : firefox-68.10.0-1.0.1.AXS4 (AXSA:2020-213:15)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-213:15 advisory. Mozilla: Information disclosure due to manipulated URL object CVE-2020-12418 Mozilla: Use-after-free in nsGlobalWindowInner CVE-2020-12419 Mozilla:...

9.3CVSS8.4AI score0.03034EPSS
Exploits1References5
CVE
CVE
added 2026/01/13 1:39 p.m.12 views

CVE-2025-9427

The CVE-2025-9427 entry describes an XSS vulnerability in the Lemonsoft WordPress add-on, caused by improper neutralization of input during web page generation. Affected component: Lemonsoft WordPress add-on (version 2025.7.1). Impact is cross-site scripting with potential confidentiality, integr...

8.4CVSS5.5AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

WordPress plugin WordPress add-on 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.4CVSS5.7AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.7 views

CVE-2020-12320

Uncontrolled search path in IntelR SCS Add-on for Microsoft SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.16 views

CVE-2022-26512

Uncontrolled search path element in the IntelR FPGA Add-on for IntelR oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.3CVSS7.1AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.5 views

CVE-2025-23623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on cf7-cc-avenue-add-on allows Reflected XSS.This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through = 1.0...

7.1CVSS7.2AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.7 views

CVE-2025-23655

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects Contact Form 7 – Paystack Add-on: from n/a through = 1.2.3...

7.1CVSS7.2AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.10 views

CVE-2019-12739

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...

9CVSS7.5AI score0.02555EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

REDAXO 安全漏洞

REDAXO is a content management system of REDAXO open source. A security vulnerability exists in REDAXO versions prior to 5.20.2, which stems from a path traversal in the file export function of the Backup add-on, which could cause a user with backup privileges to read arbitrary files in the webro...

8.3CVSS6.3AI score0.00493EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/01/06 7:22 a.m.34 views

CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.9 views

PT-2026-1419

Name of the Vulnerable Software and Affected Versions Table Field Add-on for ACF and SCF plugin for WordPress versions up to and including 1.3.30 Description The software is susceptible to Stored Cross-Site Scripting through the Table Cell Content due to inadequate input sanitization and output...

6.4CVSS5.3AI score0.00159EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/05 10:37 p.m.10 views

WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions = 1.3.30...

6.4CVSS5.5AI score0.00159EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/31 5:15 p.m.6 views

CVE-2025-62099

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

4.3CVSS0.00198EPSS
Exploits0References1
Rows per page
Query Builder