Lucene search
K

568 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/28 8:26 a.m.5 views

CVE-2026-1400

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

7.2CVSS6.5AI score0.00667EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/01/27 4:1 p.m.4 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS7.5AI score0.00768EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/01/27 12:0 a.m.4 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS6.8AI score0.00768EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.7 views

CVE-2025-13374

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.5AI score0.01056EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.9 views

WordPress plugin Alex User Counter has a vulnerability related to cross-site request forgeing.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References4
OSV
OSV
added 2026/01/23 5:16 p.m.3 views

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

7.1CVSS5.8AI score0.0022EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 3:31 a.m.12 views

CVE-2025-15351

CVE-2025-15351 affects Anritsu VectorStar. A flaw in CHX file parsing enables deserialization of untrusted data, allowing remote code execution. The issue arises from insufficient validation during CHX data handling, with exploitation requiring user interaction (visiting a malicious page or openi...

7.8CVSS6.4AI score0.00344EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2026/01/19 12:0 a.m.3 views

WordPress Stopwords for comments plugin cross-site request forgery vulnerability

The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/16 1:53 p.m.12 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

9.8CVSS6.6AI score0.00571EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001358)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001358 advisory. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of...

7.1CVSS6.6AI score0.0259EPSS
Exploits1References4
NVD
NVD
added 2026/01/15 10:16 p.m.10 views

CVE-2011-10041

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...

9.3CVSS0.008EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/15 9:44 p.m.3 views

CVE-2011-10041 Uploadify <= 1.0 Unauthenticated Arbitrary File Upload

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...

9.3CVSS6.6AI score0.008EPSS
Exploits0References5
NVD
NVD
added 2026/01/13 9:15 p.m.11 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS0.00431EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/13 1:13 a.m.25 views

CVE-2026-0496 Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file including script files without proper file format validation. This has low impact on confidentiality, integrity and availability of the application...

6.6CVSS0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 2:21 a.m.4 views

CVE-2019-25296 WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...

9.8CVSS7.2AI score0.00597EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/07 4:24 a.m.13 views

CVE-2025-9611 Microsoft Playwright MCP Server < 0.0.40 DNS Rebinding via Missing Origin Header Validation

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

7.2CVSS6.3AI score0.01148EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin NS IE Compatibility Fixer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...

4.3CVSS6.4AI score0.00132EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.35 views

CVE-2019-25247 Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into...

5.3CVSS0.00138EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.33 views

SOCA Access Control System 安全漏洞

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...

5.3CVSS6.6AI score0.00191EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/12/22 12:0 a.m.168 views

📄 Adobe DNG SDK Missing Validation Heap Buffer Overflow

A heap buffer overflow vulnerability exists in Adobe's DNG SDK versions 1.7.1 and below due to improper handling of raw images with two color planes fSrcPlanes = 2...

7.1CVSS7.1AI score0.00153EPSS
Exploits5
Rows per page
Query Builder