2444 matches found

Vulnrichment · added 2025/06/06 11:49 a.m. · 7 views

CVE-2025-41365 Code injection vulnerability in IDF and ZLF

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...

CVSS 5.1 · AI score 7 · EPSS 0.00319
Exploits 0 · References 1

Vulnrichment · added 2025/06/06 11:49 a.m. · 4 views

CVE-2025-41364 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF

Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...

CVSS 5.1 · AI score 5.7 · EPSS 0.003
Exploits 0 · References 1

Cvelist · added 2025/06/06 11:47 a.m. · 13 views

CVE-2025-41363 CORS vulnerability in IDF and ZLF

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission...

CVSS 5.3 · EPSS 0.00282
Exploits 0 · References 1

CVE · added 2025/06/06 11:47 a.m. · 48 views

CVE-2025-41363

The CVE-2025-41363 issue affects IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. A cross-origin resource sharing (CORS) configuration error allows commands that require view permission to be executed after authenticating to the device. The documented exploitation path indicates authentication is nee...

CVSS 5.3 · AI score 7.2 · EPSS 0.00282
Exploits 0 · References 1

Positive Technologies · added 2025/06/06 12:00 a.m. · 8 views

PT-2025-24282 · Wolfbox · Wolfbox Level 2 Ev Charger

Name of the Vulnerable Software and Affected Versions: WOLFBOX Level 2 EV Charger (affected versions not specified). Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected WOLFBOX Level 2 EV Charger devices. Authentication is required for exploitation...

CVSS 8 · AI score 8 · EPSS 0.0036
Exploits 0 · References 7

Positive Technologies · added 2025/06/06 12:00 a.m. · 5 views

PT-2025-24084 · Idf +1 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03; ZLF versions 0.10.0-0C03-04. Description: A configuration error has been detected in cross-origin resource sharing (CORS) in the affected software. To exploit this issue, an attacker must authenticate to the device an...

CVSS 5.1 · AI score 6.7 · EPSS 0.00305
Exploits 0 · References 4

Zero Day Initiative · added 2025/06/06 12:00 a.m. · 6 views

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing...

CVSS 8 · AI score 7.5 · EPSS 0.0036
Exploits 0

Patchstack · added 2025/06/05 1:46 a.m. · 15 views

WordPress WP Security Master plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Chu The Anh (Blue Rock) in WordPress Plugin WP Security Master versions <= 1.0.2...

CVSS 4.3 · AI score 6.6 · EPSS 0.00136
Exploits 0 · Affected Software 1

Cvelist · added 2025/06/04 4:18 p.m. · 25 views

CVE-2025-20278 Cisco Unified Communications Products Command Injection Vulnerability

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied...

CVSS 6 · EPSS 0.00156
Exploits 0 · References 1

Cvelist · added 2025/06/04 4:18 p.m. · 16 views

CVE-2025-20277 Cisco Unified Contact Center Express Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper...

CVSS 3.4 · EPSS 0.00147
Exploits 0 · References 1

Cvelist · added 2025/06/04 7:24 a.m. · 16 views

CVE-2025-27444 Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...

EPSS 0.00255
Exploits 0 · References 1

GithubExploit · added 2025/05/31 10:25 p.m. · 338 views

Exploit for Code Injection in Langflow

Authenticated CVE-2025-3248 Langflow Remote Code Execution Th...

CVSS 9.8 · AI score 10 · EPSS 0.99972
Exploits 33

Zero Day Initiative · added 2025/05/29 12:00 a.m. · 6 views

(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the...

CVSS 8.8 · AI score 7.4 · EPSS 0.00326
Exploits 0

RedhatCVE · added 2025/05/26 5:14 a.m. · 15 views

CVE-2025-4223

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘loginurl’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.7 · AI score 6.2 · EPSS 0.00347
Exploits 0 · References 1

GithubExploit · added 2025/05/24 3:55 p.m. · 529 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564. Description: This exploit allows an authe...

CVSS 8.8 · AI score 9 · EPSS 0.29069
Exploits 11

NVD · added 2025/05/24 5:15 a.m. · 12 views

CVE-2025-4223

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘loginurl’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.7 · EPSS 0.00347
Exploits 0 · References 3

RedhatCVE · added 2025/05/23 10:47 a.m. · 6 views

CVE-2024-9452

The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...

CVSS 6.4 · AI score 5.8 · EPSS 0.0028
Exploits 0 · References 1

RedhatCVE · added 2025/05/23 10:07 a.m. · 8 views

CVE-2024-30570

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVSS 5.3 · AI score 6.5 · EPSS 0.01231
Exploits 1 · References 1

RedhatCVE · added 2025/05/23 10:02 a.m. · 5 views

CVE-2024-29832

The currenturl parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the currenturl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...

CVSS 6.1 · AI score 7 · EPSS 0.00446
Exploits 1 · References 1

RedhatCVE · added 2025/05/23 9:28 a.m. · 18 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 6.5 · AI score 6.6 · EPSS 0.00355
Exploits 0 · References 1