Lucene search
+L

71 matches found

CNVD
CNVD
added 2025/08/20 12:0 a.m.3 views

WordPress Assistant for NextGEN Gallery plugin path traversal vulnerability

The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...

7.5CVSS6.8AI score0.00531EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/15 8:25 a.m.4 views

CVE-2025-7641 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...

7.5CVSS6.6AI score0.00531EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.4 views

WordPress plugin Assistant for NextGEN Gallery 路径遍历漏洞

The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...

7.5CVSS6.7AI score0.00531EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.14 views

PT-2025-33459 · Unknown +1 · Nextgen Gallery +1

Name of the Vulnerable Software and Affected Versions: Assistant for NextGEN Gallery plugin for WordPress versions up to and including 1.0.9 Description: The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation i...

7.5CVSS6.6AI score0.00531EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.5 views

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...

9.8CVSS8.2AI score0.00462EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.8 views

PT-2025-27527 · Unknown · Ai-Inference-Server

Name of the Vulnerable Software and Affected Versions: ai-inference-server affected versions not specified Description: A flaw was found in the authentication enforcement mechanism of a model inference API. The issue affects the "/v1/" endpoints, where API key validation is expected but not...

5.3CVSS6.2AI score0.00268EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.5 views

PT-2025-11184 · Tenda · Tenda Rx3

Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a buffer overflow that can be triggered via the schedStartTime and schedEndTime parameters at the "/goform/saveParentControlInfo" API endpoint. This allows...

7.5CVSS6.6AI score0.00483EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 11:21 a.m.32 views

BIT-GITLAB-2020-15525

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint...

5.3CVSS5.1AI score0.01059EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/20 7:50 p.m.29 views

CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...

8.3CVSS8.3AI score0.00464EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2016/05/02 12:0 a.m.36 views

CVE-2016-3138

The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...

4.9CVSS6.7AI score0.00546EPSS
Exploits1References17
OSV
OSV
added 2016/05/02 12:0 a.m.12 views

UBUNTU-CVE-2016-3138

The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...

4.6CVSS7.2AI score0.00546EPSS
Exploits1References18
Rows per page
Query Builder