Lucene search
K

8 matches found

CVE
CVE
added 8 hours ago6 views

CVE-2026-24013

CVE-2026-24013 describes an authentication bypass in Apache IoTDB due to insufficient validation of the sessionId in certain Thrift RPC query handlers. An attacker can forge a sessionId and, without openSession authentication, obtain valid query results, enabling unauthorized reading of time-seri...

6AI score
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2025-69078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...

8.1CVSS0.00512EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 9:15 p.m.9 views

CVE-2025-59037

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

8.6CVSS0.00349EPSS
Exploits0References3
CVE
CVE
added 2025/06/06 12:54 p.m.47 views

CVE-2025-30629

CVE-2025-30629 is a CSRF vulnerability in Codehaveli Bitly URL Shortener (WordPress plugin) affecting versions up to 1.3.3. Public details confirm CSRF as the issue, with CVSS 3.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) base score 4.3 (Medium). Connected sources (Wordfence, Red Hat) list the vulner...

4.3CVSS5.9AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.4 views

WordPress plugin Yottie Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS7.7AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.6 views

PT-2024-33575 · Unknown · Ferma.Ru.Net

Name of the Vulnerable Software and Affected Versions: FERMA.Ru.Net versions 1.3.3 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows an...

8.8CVSS8.1AI score0.00432EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.6 views

PT-2024-32615 · Unknown · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor versions 1.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Move Addons for...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2021/10/06 5:46 p.m.5 views

article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by CVE-2021-41125 via scrapy (>=1.3.3 <=1.8.0)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: CVE-2021-41125 Source advisory: OSV:GHSA-JWQP-28GF-P498...

6.5CVSS6.9AI score0.01196EPSS
Exploits0
Rows per page
Query Builder