Lucene search
+L

159 matches found

RedhatCVE
RedhatCVE
added 2025/03/05 1:7 a.m.14 views

CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery CSRF. This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...

8.8CVSS6.6AI score0.00528EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 1:30 p.m.4 views

CVE-2025-25133 WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: from n/a through = 1.1.0...

7.1CVSS8.6AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.49 views

CVE-2025-23575

The CVE-2025-23575 entry concerns the WordPress DX Sales CRM plugin (versions

7.1CVSS5.9AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 12:0 a.m.73 views

CVE-2025-25967

CVE-2025-25967 affects Acora CMS 10.1.1, where a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to trick authenticated users into performing unauthorized actions by embedding malicious requests in external content. The lack of CSRF protections is the root cause. According to t...

8.8CVSS6.4AI score0.00528EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2025/03/01 1:24 a.m.8 views

[SECURITY] Fedora 41 Update: xorg-x11-server-21.1.16-1.fc41

X.Org X11 X server...

7.8CVSS7.8AI score0.00485EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/18 5:1 a.m.2 views

Malicious code in archon3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f41e5d885f763c61c81992425c2af8b214f779099c56d091fa0c938e713b44b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
NVD
NVD
added 2025/02/12 4:15 p.m.28 views

CVE-2025-25351

PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter...

9.8CVSS0.00477EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/02/03 10:4 p.m.8 views

WordPress WP Email Newsletter plugin <= 1.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Email Newsletter versions = 1.1...

5.4CVSS6.4AI score0.00682EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/22 2:29 p.m.49 views

CVE-2025-23495

CVE-2025-23495 is a reflected Cross-Site Scripting vulnerability in the NotFound WooCommerce Order Search plugin for WordPress. The description indicates Improper Neutralization of Input During Web Page Generation, enabling reflected XSS. Affected range: WooCommerce Order Search plugins from n/a ...

7.1CVSS7.2AI score0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/01/16 8:15 p.m.4 views

CVE-2025-23702

Cross-Site Request Forgery CSRF vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through = 1.1...

7.1CVSS7.2AI score0.00169EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.6 views

WordPress Cyber Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Cyber Slider versions = 1.1...

7.1CVSS6.1AI score0.00357EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.5 views

WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin BizLibrary versions = 1.1...

7.1CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/14 6:48 a.m.4 views

WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin SetMore Theme – Custom Post Types versions = 1.1...

6.5CVSS5.8AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/07 1:34 p.m.7 views

WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Tock Widget versions = 1.1...

7.1CVSS6.2AI score0.00187EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.4 views

Smarts Smart Agent 安全漏洞

Smarts Smart Agent is a powerful, flexible and extensible tool from Smarts for monitoring wireless network performance and services from the end user's perspective. A security vulnerability exists in Smarts Smart Agent version v1.1.0, which originates from the /youtubeInfo.php page containing a...

7.5CVSS6.2AI score0.01336EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.3 views

WordPress plugin MDC Comment Toolbar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1CVSS8.5AI score0.00194EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/12 4:15 p.m.5 views

WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Simple Booking Widget versions = 1.1...

7.1CVSS6.2AI score0.00206EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/15 9:40 p.m.5 views

WordPress 404 Error Monitor plugin <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Francesco Carlucci in WordPress Plugin 404 Error Monitor versions = 1.1...

5.3CVSS7AI score0.00277EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

SAP NetWeaver 安全漏洞

SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver version 1.1. The vulnerability stems from the fact that when a software...

4.7CVSS6.4AI score0.00127EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/08 12:16 p.m.4 views

WordPress Brand my Footer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Brand my Footer versions = 1.1...

6.5CVSS6.1AI score0.00341EPSS
Exploits0Affected Software1
Rows per page
Query Builder