Lucene search
K

165 matches found

OSV
OSV
added 2025/06/23 3:15 p.m.3 views

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible...

5.4CVSS5.8AI score0.13581EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.4 views

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

5.4CVSS6.1AI score0.13581EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:47 a.m.8 views

CVE-2024-34427

Cross-Site Request Forgery CSRF vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8...

4.3CVSS5.1AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 a.m.6 views

CVE-2013-5726

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of 1 follow or 2 favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL...

6.8CVSS7.1AI score0.01062EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.17 views

CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...

5.3CVSS0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/24 8:23 a.m.7 views

CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...

5.3CVSS6.9AI score0.00241EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/04/23 8:47 p.m.4 views

WordPress Reales WP theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability

Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability discovered by Lucio Sá in WordPress Theme Reales WP versions = 2.1.2...

5.3CVSS7AI score0.00241EPSS
Exploits0References1Affected Software1
Wiz blog
Wiz blog
added 2025/04/09 3:33 p.m.5 views

Crying out Cloud: Our Favorite Stories of 2024

Check out our top podcast episode picks from the past year...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 2:28 a.m.5 views

CVE-2025-22778

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in damniel Lijit Search wp-lijit-wijit allows Reflected XSS.This issue affects Lijit Search: from n/a through = 1.1...

7.1CVSS7.2AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:9 a.m.5 views

CVE-2024-32132

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20...

7.6CVSS5.6AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2025/01/23 4:15 p.m.8 views

CVE-2025-23636

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...

7.1CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/01/23 4:15 p.m.8 views

CVE-2025-23636

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/23 3:29 p.m.5 views

CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/23 3:29 p.m.12 views

CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through = 1.0...

7.1CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2025/01/23 3:29 p.m.54 views

CVE-2025-23636

CVE-2025-23636 is a reflected XSS vulnerability reported for the WordPress plugin “My Favorite Car” by Dimitar Atanasov. The description states an improper neutralization of input during web page generation, enabling reflected Cross-Site Scripting. Affected range is “My Favorite Car: from n/a thr...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.7 views

PT-2025-4991 · Unknown · My Favorite Car

Name of the Vulnerable Software and Affected Versions: My Favorite Car versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables an attacker to inject malicious scrip...

7.1CVSS9.2AI score0.00246EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.7 views

WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin My Favorite Car versions = 1.0...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.4 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server for ABAP, which arises from an RFC-enabled function module that allows a low-privileged user to perform various actions, such as modifying the URLs and...

5.4CVSS6.6AI score0.00284EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.5 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from an RFC-enabled function module that allows a less-privileged user to perform a denial of service to any user and also to change or delet...

5.4CVSS6.4AI score0.00306EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/23 12:0 a.m.358 views

Versa Director Dangerous File Type Upload Vulnerability

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...

7.2CVSS6.9AI score0.04006EPSS
In wildExploits1
Rows per page
Query Builder