Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/26 9:1 p.m.15 views

EUVD-2026-32000

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS5.8AI score0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/25 3:56 p.m.29 views

CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS0.00213EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/22 7:40 p.m.6 views

WordPress AffiliateWP – External Referral Links Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin AffiliateWP – External Referral Links versions = 1.2.0...

5.9CVSS6AI score0.00276EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2023/11/21 12:0 a.m.19 views

WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...

8.8CVSS7AI score0.00292EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder