Lucene search
K

31 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38679

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability arises from attackers with...

8.7CVSS5.8AI score0.00248EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/01 10:6 p.m.9 views

CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...

9.1CVSS6.2AI score0.00269EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/02 11:0 p.m.7 views

Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. Proof of Concept Requirments -...

6.1CVSS5.7AI score0.00283EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/01/12 12:0 a.m.15 views

CVE-2025-67147

CVE-2025-67147 affects Gym-Management-System-PHP 1.0. Multiple SQL injection flaws exist in submit_contact.php (name, email, comment), secure_login.php (username, pass_key), and change_s_pwd.php (login_id, pwfield, login_key). Attackers can bypass authentication, run arbitrary SQL commands, modif...

9.8CVSS8.3AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/05 4:47 p.m.4 views

CVE-2025-59467

A Cross-Site Scripting XSS vulnerability in the UCRM Argentina AFIP invoices Plugin v1.2.0 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin...

7.5CVSS5.6AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 6:30 p.m.3 views

EUVD-2025-202701

A Cross-Site Request Forgery CSRF in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...

6.5AI score0.00171EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/11 12:0 a.m.3 views

CVE-2025-65472

A Cross-Site Request Forgery CSRF in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...

6.6AI score0.00171EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.32 views

CVE-2025-65472

A Cross-Site Request Forgery CSRF in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...

0.00171EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.11 views

PT-2025-50634

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.8.6 and below Description A Cross-Site Request Forgery CSRF exists in the /admin/admin.inc.php component. This allows attackers to escalate privileges to Administrator by tricking a user into interacting with a malicious...

8.8CVSS6.8AI score0.00171EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-3563

Malicious code in bioql PyPI...

8.8CVSS8.3AI score0.00754EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28093

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00887EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20446

Malicious code in bioql PyPI...

8.5CVSS6.4AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 11:15 a.m.6 views

CVE-2025-23365

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code...

8.5CVSS0.00128EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/05/29 2:39 p.m.4 views

Security update for slurm_22_05

This update for slurm2205 fixes the following issues: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Patch Instructions: To install this SUSE update use the SUSE recommended...

8.5CVSS6.5AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:53 a.m.16 views

BIT-GHOST-2022-47195

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

9CVSS5.8AI score0.00682EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.10 views

The vulnerability of the MySQL software component used for managing power supply sources in Voltronic Power View. This allows a hacker to elevate their privileges to the level of an administrator.

The vulnerability of the MySQL component in the software for managing power sources in Voltronic Power ViewPower Pro lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow an attacker to elevate their privileges to the level of an administrator...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/17 12:0 a.m.8 views

The vulnerability of the kubelet utility in the Kubernetes cluster management software allows a hacker to elevate their privileges to the level of an administrator.

The vulnerability of the kubelet utility in the Kubernetes cluster management software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to elevate their privileges to the level of an administrator...

8.3CVSS7.4AI score0.03578EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2023/07/10 4:15 p.m.15 views

Design/Logic Flaw

An administrator is able to execute commands as root via the alerts management dialog...

5.8CVSS7.2AI score0.00775EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/02 12:0 a.m.13 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...

6.4CVSS5.9AI score0.0051EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder