
2609 matches found

EUVD
added 2026/04/16 6:31 a.m. | 5 views

EUVD-2023-58146

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/16 5:29 a.m. | 3 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00489
Exploits: 0 | References: 8
NVD
added 2026/04/16 5:16 a.m. | 5 views

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | EPSS 0.00317
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/16 4:55 a.m. | 7 views

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 3
CVE
added 2026/04/16 4:55 a.m. | 11 views

CVE-2023-5872

Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 2
Cvelist
added 2026/04/16 4:55 a.m. | 27 views

CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | EPSS 0.00317
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/16 4:55 a.m. | 4 views

CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/16 12:0 a.m. | 5 views

PT-2026-33255

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 3
CNNVD
added 2026/04/16 12:0 a.m. | 9 views

WAGO Smart Designer Security Vulnerability

WAGO Smart Designer is an engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/04/15 9:45 a.m. | 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)

Summary: Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

CVSS 8.2 | AI score 6.6 | EPSS 0.00613
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/04/14 11:36 a.m. | 9 views

WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability

WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability discovered by ? in WordPress Plugin Blog Designer - Post and Widget versions <= 2.7.7...

AI score 5.8
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/04/13 10:6 a.m. | 7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)

Summary: Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

CVSS 7.5 | AI score 5.7 | EPSS 0.00472
Exploits: 0 | Affected Software: 1
NVD
added 2026/04/08 7:16 a.m. | 3 views

CVE-2026-3594

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no...

CVSS 5.3 | EPSS 0.00462
Exploits: 0 | References: 9
IBM Security Bulletins
added 2026/03/31 3:5 p.m. | 5 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary: IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits: 1 | Affected Software: 1
VulnCheck KEV
added 2026/03/31 12:0 a.m. | 10 views

VulnCheck KEV: CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

CVSS 9.3 | AI score 5.9 | EPSS 0.01308
In wild | Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 11:3 p.m. | 5 views

CVE-2025-36422

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 4.3 | AI score 5.7 | EPSS 0.00139
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 5:3 p.m. | 4 views

CVE-2026-25371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through 2.0.9...

CVSS 9.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/03/26 4:2 p.m. | 8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)

Summary: Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...

CVSS 8.1 | AI score 5.8 | EPSS 0.00855
Exploits: 3 | Affected Software: 1
RedhatCVE
added 2026/03/26 3:4 p.m. | 7 views

CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00448
Exploits: 1 | References: 1
EUVD
added 2026/03/25 9:30 p.m. | 6 views

EUVD-2025-209025

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 4.3 | AI score 5.7 | EPSS 0.00139
Exploits: 0 | References: 2