Lucene search
K

83 matches found

EUVD
EUVD
added 2025/11/21 8:28 a.m.5 views

EUVD-2025-198384

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.10 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 4:15 a.m.12 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.16 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.15 views

EUVD-2021-11644

Malware in sbrugna...

5.4CVSS5.6AI score0.00629EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.3 views

CVE-2021-39271

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...

8.8CVSS7.8AI score0.03679EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.1 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/22 6:29 p.m.6 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 7:55 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 3:53 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 2:0 p.m.7 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 1:43 p.m.5 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 11:49 a.m.8 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/09 12:35 p.m.5 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/08 4:8 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/08 4:4 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/10/03 12:57 p.m.34 views

CVE-2024-47561

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. Mitigation 1. Avoid parsin...

8.8CVSS7.6AI score0.03278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/01 12:0 a.m.8 views

PT-2024-14942 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...

6.4CVSS6.8AI score0.00323EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2023/02/21 5:33 p.m.56 views

K34250741: BIND vulnerability CVE-2015-8000

Security Advisory Description db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute. CVE-2015-8000 Impact An attack may cause a denial-of-service DoS ...

5CVSS7.1AI score0.5469EPSS
Exploits0Affected Software21
Rows per page
Query Builder