Lucene search
K

2402 matches found

CVE
CVE
added 2025/06/10 5:39 p.m.50 views

CVE-2025-36580

Dell Wyse Management Suite (WMS) before version 5.2 is affected by CVE-2025-36580 due to improper input neutralization during web page generation, enabling cross-site scripting. The vulnerability affects WMS when handling web requests from remote attackers with high privileges; exploitation could...

6.1CVSS7.2AI score0.00249EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.4 views

PandoraFMS ITSM 安全漏洞

PandoraFMS ITSM is a desktop help software from ESPPandoraFMS, Inc. A security vulnerability exists in PandoraFMS ITSM version 5.0.105, which stems from improper neutralization of the special elements of the chromiumpath variable, and could lead to OS command injection...

7CVSS6.9AI score0.01511EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 3:54 p.m.14 views

CVE-2025-32305 WordPress FlatNews theme <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS.This issue affects WordPress FlatNews Theme: from n/a through = 5.8...

7.1CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/06/08 9:15 p.m.17 views

CVE-2025-35005

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argumen...

7.1CVSS0.01031EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/08 9:4 p.m.10 views

CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection

The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...

7.7CVSS0.00614EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.13 views

CVE-2025-30928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vicchi WP Biographia wp-biographia allows Stored XSS.This issue affects WP Biographia: from n/a through = 4.0.0...

5.9CVSS5.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:18 p.m.5 views

CVE-2025-49326

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...

7.6CVSS5.9AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.3 views

CVE-2025-49326

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...

7.6CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 8:13 a.m.51 views

CVE-2025-3322

CVE-2025-3322 describes improper neutralization of inputs used in an expression language that enables remote code execution with the highest privileges. Connected documents indicate the vulnerability is associated with B. Braun onlinesuite (OnlineSuite); a separate PT Security entry references Ap...

10CVSS8AI score0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.3 views

WordPress plugin WP Post Corrector SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.8AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 8:15 a.m.9 views

CVE-2025-23393

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...

5.6CVSS0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.4 views

SUSE Manager Server 安全漏洞

SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server versions prior to 5.0 that stems from improper neutralization and could lead to...

5.6CVSS5.7AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/23 12:43 p.m.16 views

CVE-2025-46515 WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Category Widget category-widget allows Reflected XSS.This issue affects Category Widget: from n/a through = 2.0.2...

7.1CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/05/23 12:43 p.m.44 views

CVE-2025-47599

CVE-2025-47599: WordPress Facturante plugin

9.3CVSS7.3AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.5 views

CVE-2025-47680 WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06...

7.1CVSS6.8AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:58 a.m.3 views

CVE-2025-22822

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bishawjit-das wp custom countdown wp-custom-countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through = 2.8...

6.5CVSS7.2AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:42 a.m.4 views

CVE-2025-22550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through = 3.1...

6.5CVSS7.2AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:34 a.m.4 views

CVE-2025-22524

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in formafzar فرم ساز فرم افزار formafzar allows Stored XSS.This issue affects فرم ساز فرم افزار: from n/a through = 2.0...

6.5CVSS7.2AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:49 a.m.7 views

CVE-2024-43224

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27...

6.5CVSS6.8AI score0.00245EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.17 views

CVE-2024-43225

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7...

6.5CVSS6.8AI score0.00246EPSS
Exploits0
Rows per page
Query Builder