
8 matches found

Positive Technologies
added 2026/04/29 12:0 a.m., 5 views

PT-2026-37140

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An issue exists in the 'add' mode of the 'modules/documents-files.php' endpoint where the name parameter is validated only as a string, allowing path traversal characters such as ../ to pass...

CVSS: 4.5, AI score: 5.9, EPSS: 0.0001
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 9:5 p.m., 6 views

CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00099
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 7:23 p.m., 3 views

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00095
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 6:24 p.m., 5 views

CVE-2021-24620

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check the uploaded Downloadable Digital product file, allowing any file, such as PHP, to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00202
Exploits: 2, References: 1
CNNVD
added 2024/12/16 12:0 a.m., 1 view

Chunghwa Telecom topm-client security vulnerability

Chunghwa Telecom topm-client is an application from Chunghwa Telecom Taiwan, China. A security vulnerability exists in Chunghwa Telecom topm-client versions 0.3.14 through 0.3.17, which stems from the presence of arbitrary file deletion and lack of CSRF protection, as well as an absolute path...

CVSS: 8.1, AI score: 6.9, EPSS: 0.01696
Exploits: 0, References: 2
CNNVD
added 2022/02/28 12:0 a.m., 1 view

WordPress plugin Logo Showcase with Slick Slider access control error vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00095
Exploits: 2, References: 2
OSV
added 2022/01/24 8:15 a.m., 1 view

CVE-2021-25013

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00118
Exploits: 2, References: 1
CNNVD
added 2021/09/20 12:0 a.m., 1 view

WordPress Plugin Timetable and Event Schedule cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00118
Exploits: 2, References: 2