
13 matches found

NVD
added 2026/03/25 5:16 p.m. · 3 views

CVE-2026-24972

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elated Listing: from n/a through = 1.4...

CVSS 6.5 · EPSS 0.00269
Exploits: 0 · References: 1
ATTACKERKB
added 2026/01/22 4:52 p.m. · 3 views

CVE-2026-22360

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery. This issue affects SearchAzon: from n/a through = 1.4...

CVSS 4.3 · AI score 5.2 · EPSS 0.00107
Exploits: 0 · References: 2
RedhatCVE
added 2025/12/19 7:33 a.m. · 5 views

CVE-2025-58944

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion. This issue affects Manufactory: from n/a through = 1.4...

CVSS 8.1 · AI score 7.1 · EPSS 0.00445
Exploits: 0 · References: 1
Positive Technologies
added 2025/10/29 12:0 a.m. · 9 views

PT-2025-44287

Name of the Vulnerable Software and Affected Versions: Jenkins Start Windocks Containers Plugin versions 1.4 and earlier Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Start Windocks Containers Plugin. This flaw allows attackers to force connections to a URL chosen by th...

CVSS 4.3 · AI score 6.5 · EPSS 0.0019
Exploits: 0 · References: 6
NVD
added 2025/10/03 12:15 p.m. · 5 views

CVE-2025-9372

The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject...

CVSS 5.5 · EPSS 0.00201
Exploits: 0 · References: 2
NVD
added 2025/09/22 7:15 p.m. · 5 views

CVE-2025-57911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Adverts adverts-click-tracker allows DOM-Based XSS. This issue affects Adverts: from n/a through = 1.4...

CVSS 6.5 · EPSS 0.0025
Exploits: 0 · References: 1
CNNVD
added 2025/02/19 12:0 a.m. · 4 views

WordPress plugin Disable Auto Updates cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 8.8 · EPSS 0.00154
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/09 12:0 a.m. · 8 views

PT-2024-34713 · Odihost · Odihost Easy Gallery

Name of the Vulnerable Software and Affected Versions: Odihost Easy Gallery versions 1.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

CVSS 8.5 · AI score 8 · EPSS 0.00384
Exploits: 0 · References: 7
Positive Technologies
added 2024/02/02 12:0 a.m. · 5 views

PT-2024-15043

Name of the Vulnerable Software and Affected Versions: CyberMath versions 1.4 through 1.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This affects the CyberMath software. Recommendation...

CVSS 6.1 · AI score 6.4 · EPSS 0.00331
Exploits: 0 · References: 8
vulnersOsv
added 2024/01/23 9:30 p.m. · 6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2024-22497 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2024-22497 Source advisory: OSV:GHSA-QH2W-9M7W-HJG2...

CVSS 6.1 · AI score 6.3 · EPSS 0.00435
Exploits: 1
vulnersOsv
added 2023/12/05 3:30 p.m. · 6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49378 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49378 Source advisory: OSV:GHSA-GW26-CCHC-8F2F...

CVSS 8.8 · AI score 7.2 · EPSS 0.00391
Exploits: 1
OSV
added 2023/10/16 9:15 a.m. · 3 views

CVE-2023-43668

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize", "allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or...

CVSS 9.8 · AI score 5.8 · EPSS 0.01009
Exploits: 0 · References: 1
Positive Technologies
added 2015/02/17 12:0 a.m. · 6 views

PT-2015-5280 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 1.3.x through 1.3.7 Elasticsearch versions 1.4.x through 1.4.2 Description: The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell...

CVSS 9.8 · AI score 9.4 · EPSS 0.99906
Exploits: 19 · References: 27