Lucene search
+L

854 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Dell ECS 安全漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...

5.6CVSS5.9AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/05 11:59 a.m.9 views

WordPress Geo Mashup plugin <= 1.13.19 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Geo Mashup versions = 1.13.19...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 10:33 a.m.14 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 10:27 a.m.14 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 10:25 a.m.10 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions = 1.13.18...

7.5CVSS5.9AI score0.00304EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-6457

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geomashupnullfields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.15 views

CVE-2026-4061

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.11 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS6AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.16 views

CVE-2026-4060

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS6AI score0.00304EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:43 a.m.2 views

CVE-2026-42367

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability...

6.5CVSS5.8AI score0.00271EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/04 12:42 a.m.9 views

EUVD-2026-26857

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:39 a.m.11 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/02 12:16 p.m.30 views

CVE-2026-4061

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

7.5CVSS0.00311EPSS
Exploits0References5
NVD
NVD
added 2026/05/02 12:16 p.m.46 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS0.00328EPSS
Exploits0References5
NVD
NVD
added 2026/05/02 12:16 p.m.29 views

CVE-2026-4060

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...

7.5CVSS0.00304EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.76 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS0.00328EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/02 11:16 a.m.7 views

CVE-2026-4061 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:16 a.m.5 views

CVE-2026-4061

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/02 11:16 a.m.5 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS6AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/02 11:16 a.m.24 views

EUVD-2026-26779

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References5
Rows per page
Query Builder