Lucene search
K

15 matches found

CVE
CVE
added 2026/06/01 4:37 p.m.31 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39998

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs due to an uncaught exception during the parsing of multipart/form-data requests. When a request contains a Content-Disposition header with a filename parameter...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References8
NVD
NVD
added 2026/05/07 12:16 p.m.58 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS0.00503EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/04 5:0 a.m.11 views

CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

7.5CVSS5.6AI score0.00464EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/04 12:0 a.m.6 views

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.12 views

CVE-2017-18880

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the titlelink field of a Slack attachment...

6.1CVSS6AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

WordPress plugin Jobify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.6 views

Xibo CMS 安全漏洞

Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS 4.3.0 and prior versions, which stems from a mishandled Twig filter in the Module Templates feature in the CMS Developer menu, which could lead to remote code execution...

7.2CVSS7.8AI score0.00884EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.6 views

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

9.8CVSS9.6AI score0.00622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.4 views

CVE-2023-5201

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to be...

9.9CVSS6.1AI score0.01429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.7 views

CVE-2019-19547

Symantec Endpoint Detection and Response SEDR, prior to 4.3.0, may be susceptible to a cross site scripting XSS issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially...

6.1CVSS5.2AI score0.01379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.8 views

PT-2023-15436 · Unknown · Quantumcloud Ai Chatbot Plugin

Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot plugin versions prior to 4.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 4.3.0,...

5.9CVSS4.9AI score0.00421EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/11/15 3:17 p.m.6 views

libtiff: heap buffer overflow in extractImageSection

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1CVSS7.6AI score0.01542EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/08/18 3:15 p.m.5 views

CVE-2021-38710

Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...

6.1CVSS6.4AI score0.00636EPSS
Exploits0References2
CNVD
CNVD
added 2017/08/19 12:0 a.m.2 views

WordPress PressForward plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.PressForward plugin is one of the workflow editing plugin. A cross-site scripting vulnerability exists in the...

6.1CVSS5.8AI score0.00757EPSS
Exploits1References1
Rows per page
Query Builder