Lucene search
K

11468 matches found

CNNVD
CNNVD
added 2025/10/26 12:0 a.m.5 views

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS7.6AI score0.00831EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/25 9:32 a.m.5 views

EUVD-2025-35929

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

8.1CVSS7AI score0.00831EPSS
Exploits0References4
NVD
NVD
added 2025/10/25 7:15 a.m.9 views

CVE-2025-10488

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

8.1CVSS0.00831EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/25 6:49 a.m.8 views

CVE-2025-10488 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

8.1CVSS7.1AI score0.00831EPSS
Exploits0References3
CVE
CVE
added 2025/10/25 6:49 a.m.27 views

CVE-2025-10488

CVE-2025-10488 — Directorist (WordPress)

8.1CVSS7.1AI score0.00831EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/25 12:14 a.m.3 views

SUSE CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

5.5CVSS6.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.10 views

PT-2025-43716

Name of the Vulnerable Software and Affected Versions Directorist versions up to and including 8.4.8 Description The Directorist plugin for WordPress is susceptible to arbitrary file move due to inadequate file path validation within the add listing action AJAX action. This allows unauthenticated...

8.1CVSS7.7AI score0.00831EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/24 6:30 p.m.5 views

EUVD-2022-54547

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcgvideopump A panic can occur if the endpoint becomes disabled and the uvcgvideopump adds the request back to the reqfree list after it has already been queued to the endpoint. The...

7.8CVSS5.1AI score0.00229EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/23 8:10 p.m.8 views

CVE-2025-57848 Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00166EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/23 7:21 p.m.4 views

Malicious code in add-to-cart-web (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/10/23 7:21 p.m.4 views

MAL-2025-48789 Malicious code in add-to-cart-web (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/10/23 3:15 p.m.3 views

CVE-2025-56009

Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

5.3CVSS5.7AI score0.00169EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/10/23 12:10 a.m.3 views

SUSE CVE-2022-50566

In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...

4.7CVSS6.4AI score0.00229EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/10/23 12:10 a.m.2 views

SUSE CVE-2022-50578

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...

4.7CVSS6.9AI score0.00223EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/10/23 12:0 a.m.27 views

CVE-2025-56009

Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

0.00169EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/22 3:31 p.m.6 views

EUVD-2023-60014

In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdccrtcsetcrcsource, struct drmcrtc was dereferenced in a containerof before the pointer check. This could cause a kernel panic. Fix this smatch warning: drivers/gpu/drm/stm/ltdc.c:11...

5.6AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2025/10/22 2:15 p.m.1 views

DEBIAN-CVE-2022-50578

In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in classregister If classaddgroups returns error, the 'cp-subsys' need be unregister, and the 'cp' need be freed. We can not call ksetunregister here, because the 'cls' will be freed in callback...

5.3AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 2:15 p.m.3 views

CVE-2022-50566

In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...

0.00229EPSS
Exploits0References9
OSV
OSV
added 2025/10/22 2:15 p.m.2 views

DEBIAN-CVE-2022-50566

In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in addmtddevice There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 size 8: comm "insmod", pid 3922, jiffies 4295277753 age 925.408s hex du...

5.3AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 2:15 p.m.3 views

CVE-2022-50559

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Add error processing before return, and modified the return value...

0.00195EPSS
Exploits0References4
Rows per page
Query Builder