Lucene search
+L

265 matches found

Vulnrichment
Vulnrichment
added 2025/11/20 12:0 a.m.2 views

CVE-2025-64027

Snipe-IT v8.3.4 build 20218 contains a reflected cross-site scripting XSS vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progressmessage value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the...

5AI score0.0022EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.16 views

PT-2025-47606

Name of the Vulnerable Software and Affected Versions Snipe-IT version 8.3.4 build 20218 Description The software contains a reflected cross-site scripting XSS issue within the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress message value that is...

6.1CVSS5.7AI score0.0022EPSS
Exploits2References10
Vulnrichment
Vulnrichment
added 2025/11/19 5:45 a.m.4 views

CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...

7.2CVSS6.2AI score0.00502EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/19 5:45 a.m.11 views

CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...

7.2CVSS0.00502EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47438

Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.33.1 Description The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to PHP Object Injection due to the deserialization of untrusted data from CS...

7.2CVSS6.9AI score0.00502EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/11/18 11:41 p.m.11 views

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability

Authenticated Administrator+ PHP Object Injection via CSV Import vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.33.1...

7.2CVSS7.3AI score0.00502EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2025/11/18 12:0 a.m.170 views

📄 Snipe-IT 8.3.4 Cross Site Scripting

Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info Snipe-IT is a free and open-source IT asset management system FOSS built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...

7.1CVSS6.4AI score0.00303EPSS
Exploits2
CVE
CVE
added 2025/11/12 9:11 a.m.20 views

CVE-2025-64406

CVE-2025-64406 affects Apache OpenOffice up to 4.1.15. It is an out-of-bounds write vulnerability that could crash the program or corrupt memory when a crafted document is processed. Upgrading to OpenOffice 4.1.16 fixes the issue. CVSSv3.1 base score 4.3 (MEDIUM) with network attack vector, low c...

4.3CVSS6.5AI score0.00498EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/12 9:11 a.m.8 views

CVE-2025-64406 Apache OpenOffice: Possible memory corruption during CSV import

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the...

0.00498EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/02 6:43 a.m.10 views

CVE-2025-11755

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...

8.8CVSS7.3AI score0.00493EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/01 9:30 a.m.8 views

EUVD-2025-37427

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...

8.8CVSS6.7AI score0.00493EPSS
Exploits0References3
NVD
NVD
added 2025/11/01 7:15 a.m.10 views

CVE-2025-11755

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...

8.8CVSS0.00493EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/01 6:40 a.m.16 views

CVE-2025-11755 Delicious Recipes <= 1.9.0 - Authenticated (Contributor+) Arbitrary File Upload

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload...

8.8CVSS0.00493EPSS
Exploits0References2
CVE
CVE
added 2025/11/01 6:40 a.m.28 views

CVE-2025-11755

The CVE-2025-11755 entry concerns the WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes) with vulnerable CSV import handling up to version 1.9.0. Connected sources confirm an Authenticated (Contributor+) Arbitrary File Upload flaw: an attacker with low privileges can supply a...

8.8CVSS6.8AI score0.00493EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/01 12:0 a.m.6 views

WordPress plugin WP Delicious – Recipe Plugin for Food Bloggers 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS7.8AI score0.00493EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-30798

Malware in sbrugna...

9.8CVSS6.2AI score0.04655EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13830

Malware in sbrugna...

9.8CVSS5.9AI score0.00667EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2020-4390

Malware in sbrugna...

8.8CVSS8.7AI score0.01727EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12671

Malware in sbrugna...

6.1CVSS6.3AI score0.00782EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-11724

Malware in sbrugna...

5.4CVSS5.6AI score0.00604EPSS
Exploits2References2
Rows per page
Query Builder