Lucene search

2403 matches found

CVE
added 2025/05/16 3:45 p.m., 17 views

CVE-2025-31926

CVE-2025-31926: LambertGroup Sticky Radio Player for WordPress (vulnerable up to 3.4) suffers an SQL Injection due to improper neutralization of input elements. According to the sources, the CVSS v3.1 base score is 8.5 (HIGH) with Network attack vector, LOW attack complexity, and LOW privileges ...

CVSS 8.5, AI score 7.3, EPSS 0.00267
Exploits 0, References 1
CVE
added 2025/05/16 3:45 p.m., 27 views

CVE-2025-31928

CVE-2025-31928 affects LambertGroup’s WordPress plugin Multimedia Responsive Carousel with Image Video Audio Support (versions

CVSS 8.5, AI score 7.3, EPSS 0.00267
Exploits 0, References 1
CVE
added 2025/05/16 3:45 p.m., 38 views

CVE-2025-48137

CVE-2025-48137 refers to a SQL Injection in the WordPress Interview plugin (Interview) affecting versions up to 1.01 due to improper neutralization of SQL elements. Public sources (NVD/PATCHSTACK/Red Hat/Circl/CVE lists) confirm the issue and its CVE coverage; exploitation details are not provid...

CVSS 8.5, AI score 7.3, EPSS 0.00272
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/05/16 12:0 a.m., 4 views

WordPress plugin UberSlider SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 8.5, AI score 8.9, EPSS 0.00351
Exploits 0, References 3
CNNVD
added 2025/05/16 12:0 a.m., 2 views

WordPress plugin Apollo SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 8.5, AI score 8.9, EPSS 0.00107
Exploits 0, References 3
CNNVD
added 2025/05/16 12:0 a.m., 2 views

WordPress plugin Sticky HTML5 Music Player SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.5, AI score 9, EPSS 0.00267
Exploits 0, References 3
IBM Security Bulletins
added 2025/05/15 10:54 p.m., 9 views

Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-38896).

Summary: LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details: CVEID: CVE-2023-38896. DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input by the from_math_prompt and...

CVSS 9.8, AI score 7.6, EPSS 0.01515
Exploits 1, Affected Software 1
Vulnrichment
added 2025/05/14 5:42 p.m., 7 views

CVE-2025-46786 Zoom Workplace Apps - Cross-site Scripting

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access...

CVSS 4.3, AI score 5.9, EPSS 0.00251
Exploits 0, References 1
Cvelist
added 2025/05/14 5:33 p.m., 22 views

CVE-2025-30664 Zoom Workplace Apps - Cross-site Scripting

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access...

CVSS 6.6, EPSS 0.00236
Exploits 0, References 1
Vulnrichment
added 2025/05/14 5:33 p.m., 7 views

CVE-2025-30664 Zoom Workplace Apps - Cross-site Scripting

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access...

CVSS 6.6, AI score 6.3, EPSS 0.00236
Exploits 0, References 1
CNNVD
added 2025/05/14 12:0 a.m., 6 views

Zoom Workplace injection vulnerability

Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of a special element, which could affect application integrity...

CVSS 6.1, AI score 7, EPSS 0.00251
Exploits 0, References 2
CNNVD
added 2025/05/14 12:0 a.m., 2 views

Zoom Workplace injection vulnerability

Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of special elements, which could lead to elevation of privilege...

CVSS 8.2, AI score 7.1, EPSS 0.00236
Exploits 0, References 2
Positive Technologies
added 2025/05/13 12:0 a.m., 2 views

PT-2025-21122

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. Description: The issue is related to an improper neutralization of special elements used in an OS command, which could result in arbitrary code execution in the context of the current...

CVSS 9.1, AI score 6.3, EPSS 0.33172
Exploits 0, References 9
CVE
added 2025/05/12 4:12 p.m., 46 views

CVE-2025-46749

CVE-2025-46749 is described across multiple feeds as an input/output sanitization issue that allows an authenticated user to inject scripting into fields, triggering client-side script execution. Connected sources reference Schweitzer Engineering Laboratories products (e.g., SEL-5033/SEL-5702/SEL...

CVSS 4.3, AI score 4.6, EPSS 0.00219
Exploits 0, References 1
CVE
added 2025/05/07 2:20 p.m., 53 views

CVE-2025-47616

CVE-2025-47616: Stored XSS in the WordPress plugin aBlocks (versions

CVSS 6.5, AI score 7.2, EPSS 0.00209
Exploits 0, References 1
CVE
added 2025/05/07 2:20 p.m., 38 views

CVE-2025-47595

CVE-2025-47595 describes a stored XSS in WordPress plugin Color Your Bar (affected: n/a through 2.0) caused by improper input neutralization during web page generation. The vulnerability is categorized as Cross-site Scripting with a CVSSv3.1 base score of 5.9 (Medium) and is labeled as network-ex...

CVSS 5.9, AI score 7.2, EPSS 0.00225
Exploits 0, References 1
Cvelist
added 2025/05/07 7:38 a.m., 13 views

CVE-2025-0667 BOINC Server Stored XSS Injection in pm.php

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: through 1.4.7...

CVSS 8.7, EPSS 0.00211
Exploits 1, References 1
Veracode
added 2025/05/02 1:47 p.m., 10 views

Improper Neutralization Of Escape, Meta, Or Control Sequences

Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. The vulnerability arises with certain uncommon rewrite rule configurations, where specially crafted requests can bypass these rules, allowing an attacker to circumvent security constraints enforced by them...

CVSS 9.8, AI score 7.1, EPSS 0.0418
Exploits 1, References 12, Affected Software 2
BDU FSTEC
added 2025/04/30 12:0 a.m., 6 views

The vulnerability of the vaultwarden password management service lies in the improper elimination of certain elements in the output data, allowing a hacker to execute arbitrary code.

The vulnerability of the vaultwarden password management service is related to incorrect neutralization of certain elements in the output data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 9, AI score 8.4, EPSS 0.00996
Exploits 1, References 4, Affected Software 1
Snyk
added 2025/04/28 9:30 p.m., 5 views

Improper Neutralization

Overview: org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Neutralization in the RewriteValve class, which handles rewrite rules. If rewrite rules are configured to enforce security...

CVSS 9.8, AI score 6.9, EPSS 0.0418
Exploits 1, References 2