Lucene search
K

266 matches found

Patchstack
Patchstack
added 2025/02/21 12:0 a.m.4 views

WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DB Tables Import/Export versions = 1.0.1...

7.1CVSS6.1AI score0.00224EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 2:24 a.m.5 views

CVE-2025-22539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...

7.1CVSS7.2AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2025/01/09 4:16 p.m.3 views

CVE-2025-22539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...

7.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 3:39 p.m.16 views

CVE-2025-22539 WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through = 2.1.34...

7.1CVSS0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 3:39 p.m.4 views

CVE-2025-22539 WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ka2 Custom DataBase Tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through 2.1.34...

7.1CVSS7AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 3:39 p.m.49 views

CVE-2025-22539

CVE-2025-22539 affects the ka2 Custom DataBase Tables WordPress plugin. The connected document details a Reflected Cross-Site Scripting vulnerability caused by improper neutralization of input during web page generation. The issue affects Custom DataBase Tables versions from n/a up to 2.1.34. The...

7.1CVSS7.2AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.4 views

WordPress plugin Custom DataBase Tables 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS7.7AI score0.00308EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/07 12:50 p.m.2 views

WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Custom DataBase Tables versions = 2.1.34...

7.1CVSS6.1AI score0.00308EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

UIOMatic 注入漏洞

UIOMatic is a tool by Tim Geyssens personal developer. It automatically generates an integrated crud UI for npoco poco based db tables. An injection vulnerability exists in UIOMatic version 5, which stems from the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r that can lead to S...

7.2CVSS5.8AI score0.00368EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/11 7:17 p.m.76 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

4.1CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2024/11/11 7:17 p.m.53 views

CVE-2024-51992

The CVE-2024-51992 issue affects Orchid Platform versions 8 through 14.42.x and stems from a method exposure vulnerability in the platform’s asynchronous modal functionality. The root cause is exposing dangerous methods within the Screen class, enabling an attacker to call arbitrary methods. Clai...

4.1CVSS4.4AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/23 12:0 a.m.3 views

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...

8.8CVSS8.1AI score0.05172EPSS
Exploits0References2
NVD
NVD
added 2024/08/21 6:15 a.m.25 views

CVE-2024-7032

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...

6.5CVSS0.00482EPSS
Exploits0References4
CVE
CVE
added 2024/08/21 5:30 a.m.58 views

CVE-2024-7032

CVE-2024-7032 affects the WordPress plugin Smart Online Order for Clover . The vulnerability is a missing authorization check in the function moo_deactivateAndClean , present in all versions up to and including 1.5.6, which could allow unauthenticated attackers to deactivate the plugin and drop a...

6.5CVSS6.3AI score0.00482EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/30 2:43 p.m.26 views

CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

6.3CVSS6.3AI score0.00483EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.6 views

Pimcore 安全漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates applications for Web content management, e-commerce frameworks and product information management. A security vulnerability exists in...

6.5CVSS6.3AI score0.00483EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2024/06/26 8:37 a.m.33 views

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system CMS platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...

7.4AI score
Exploits0
CVE
CVE
added 2024/05/13 3:11 p.m.113 views

CVE-2024-31459

CVE-2024-31459 affects Cacti prior to version 1.2.27 and describes a file inclusion in lib/plugin.php where data from plugin_hooks and plugin_config tables is concatenated into a file path for inclusion. When paired with SQL injection weaknesses, this can enable remote code execution. Connected a...

8CVSS8.2AI score0.02677EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.7 views

Beekeeper Studio 安全漏洞

Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio version 4.1.13 and prior versions. A remote attacker can exploit this vulnerability to...

6.1CVSS8.1AI score0.00962EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:3 a.m.30 views

BIT-PHPMYADMIN-2020-10803

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results in tblgetfield.php and libraries/classes/Display/Results.php. The attacker must be able to insert...

5.4CVSS6.5AI score0.01593EPSS
Exploits0References9
Rows per page
Query Builder