91 matches found

Vulnrichment
added 2025/10/21 12:0 a.m. | 3 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

AI score: 6.9 | EPSS: 0.01236
Exploits: 2 | References: 2

EUVD
added 2025/10/21 12:0 a.m. | 6 views

EUVD-2025-35237

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01236
Exploits: 2 | References: 2

CVE
added 2025/10/21 12:0 a.m. | 13 views

CVE-2025-56799

CVE-2025-56799 affects the Reolink Desktop Application (v8.18.12). The issue is an OS command injection in the cache-clearing scheduler, where a shell command is assembled using a folder path read from a config file without proper sanitization. This can allow an attacker to inject arbitrary comma...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.01236
Exploits: 2 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-13617

Malware in sbrugna...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00979
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2016-2789

Malware in sbrugna...

CVSS: 5.3 | AI score: 7.4 | EPSS: 0.01004
Exploits: 0 | References: 15

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-4335

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.06087
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-11583

Malware in sbrugna...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.01459
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-12501

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00591
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-23604

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00315
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-51731

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 9.1 | EPSS: 0.00231
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2023-24070

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00615
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-33299

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 8.6 | EPSS: 0.00333
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 7:10 a.m. | 7 views

CVE-2024-13715

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00231
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:40 a.m. | 5 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

CVSS: 4.3 | AI score: 3.3 | EPSS: 0.00591
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:2 a.m. | 8 views

CVE-2023-1868

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrcclearcache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00615
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:33 a.m. | 9 views

CVE-2023-1346

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clearpagecache function. This makes it possible for unauthenticated attackers to clear the...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00315
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:31 a.m. | 4 views

CVE-2023-1925

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcclearcacheofallsitescallback function. This makes it possible for unauthenticated attackers to clear cache...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00227
Exploits: 0 | References: 1

Cvelist
added 2025/04/30 2:54 p.m. | 51 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

CVSS: 2.7 | EPSS: 0.00412
Exploits: 0 | References: 3

Vulnrichment
added 2025/04/30 2:54 p.m. | 15 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

CVSS: 2.7 | AI score: 6.9 | EPSS: 0.00412
Exploits: 0 | References: 3

Github Security Blog
added 2025/04/29 2:1 p.m. | 15 views

The lesscss script service allows cache clearing without programming right

Impact: The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00412
Exploits: 0 | References: 5 | Affected Software: 1