Lucene search
K

61 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52164

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...

6AI score
Exploits0References3
CVE
CVE
added 2026/05/28 10:50 p.m.17 views

CVE-2026-6816

Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/13 9:25 a.m.12 views

CVE-2026-4063

CVE-2026-4063 affects the WordPress plugin Social Icons Widget & Block by WPZOOM. The Red Hat and CVE records, corroborated by the Wordfence vulnerability report, describe a missing capability check in the add_menu_item() function hooked to admin_menu in all versions up to 4.5.8. This allows auth...

4.3CVSS5.7AI score0.00207EPSS
Exploits0References5
Drupal
Drupal
added 2026/02/25 12:0 a.m.12 views

Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

4.8CVSS5.4AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 6:49 p.m.8 views

DRUPAL-CONTRIB-2025-123

This module enables you to deploy content from one Drupal website to another. The module provides some default configuration without sufficient access control. This vulnerability is mitigated by the fact that an administrator can add some default access control permission...

5.3CVSS6.8AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.10 views

PT-2025-41422

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...

6.1CVSS6.8AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14897

Malware in sbrugna...

6.8CVSS5.2AI score0.01903EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-14898

Malware in sbrugna...

6.8CVSS5.2AI score0.01903EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-14894

Malware in sbrugna...

7.2CVSS7AI score0.02016EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-14893

Malware in sbrugna...

7.2CVSS7AI score0.01961EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-14895

Malware in sbrugna...

6.8CVSS5.2AI score0.01903EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-14899

Malware in sbrugna...

6.8CVSS5.2AI score0.01903EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7486

Malicious code in bioql PyPI...

4.8CVSS9.2AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.13 views

CVE-2023-6924

The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.8CVSS5.7AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:40 a.m.10 views

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list o...

4.8CVSS6.6AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.12 views

CVE-2024-6486

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...

7.2CVSS8.2AI score0.02132EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.9 views

CVE-2024-6486

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...

7.2CVSS0.02132EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.30 views

CVE-2024-6486

The CVE refers to the ImageMagick Engine WordPress plugin vulnerable to OS Command Injection via the cli_path parameter in versions prior to 1.7.11. Exploitation requires authenticated administrators, enabling them to execute arbitrary OS commands and potentially achieve remote code execution on ...

7.2CVSS8.4AI score0.02132EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/12 3:21 a.m.69 views

CVE-2025-2076

CVE-2025-2076 : The WordPress plugin binlayerpress

4.8CVSS4.4AI score0.00234EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:58 a.m.9 views

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

7.8CVSS7.4AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder