Lucene search
+L

221 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33454

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00516EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28852

Malicious code in bioql PyPI...

4.8CVSS4AI score0.00249EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-45082

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.02971EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2021-34201

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.16408EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/09/17 11:25 a.m.2 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS4.8AI score0.00262EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/09/17 12:11 a.m.8 views

WordPress Sydney plugin <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Theme Options Update vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Sydney versions = 2.56...

5.3CVSS7AI score0.00262EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/26 1:15 a.m.5 views

CVE-2025-9430

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

4.8CVSS4.3AI score0.00249EPSS
Exploits1References4
NVD
NVD
added 2025/08/26 1:15 a.m.6 views

CVE-2025-9430

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

4.8CVSS0.00249EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/26 12:2 a.m.15 views

CVE-2025-9430 mtons mblog update cross site scripting

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

4.8CVSS0.00249EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/26 12:2 a.m.5 views

CVE-2025-9430 mtons mblog update cross site scripting

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...

4.8CVSS3.4AI score0.00249EPSS
Exploits1References4
CVE
CVE
added 2025/08/26 12:2 a.m.20 views

CVE-2025-9430

CVE-2025-9430 is reported for mtons mblog up to 3.5.0. The issue arises from improper handling of input in the file "/admin/options/update", allowing cross-site scripting. The CVE entry notes that the attack can be launched remotely and that the exploit is public. Connected sources consistently i...

4.8CVSS3.6AI score0.00249EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.9 views

PT-2025-34722 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability was detected in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in...

4.8CVSS3.4AI score0.00249EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.5 views

mblog 安全漏洞

mblog is a blogging system by langhsu individual developer. A security vulnerability exists in mtons mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to misuse of the parameter input in the file /admin/options/update...

4.8CVSS3.8AI score0.00249EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/08/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-9193

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS6.4AI score0.03111EPSS
In wildExploits0References114
GithubExploit
GithubExploit
added 2025/06/12 8:27 a.m.101 views

Exploit for CVE-2025-5701

CVE-2025-5701 HyperComments = 1.2.2 - Unauthenticated Subscr...

9.8CVSS7.8AI score0.01779EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.10 views

CVE-2024-0790

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...

5.4CVSS6.4AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.9 views

CVE-2023-0889

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.5CVSS7AI score0.00301EPSS
Exploits2References1
CVE
CVE
added 2025/04/24 8:23 a.m.63 views

CVE-2025-3058

CVE-2025-3058 (Xelion Webchat, WordPress) affects the Xelion Webchat plugin for WordPress, up to and including version 9.1.0. The flaw is a missing capability check in the xwc_save_settings() function, enabling an authenticated attacker with Subscriber+ privileges to update arbitrary options. Doc...

8.8CVSS8.8AI score0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/10 7:2 a.m.34 views

CVE-2025-2719 Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The Swatchly – WooCommerce Variation Swatches for Products product attributes: Image swatch, Color swatches, Label swatches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in versions 1.2.8 to 1.4.0. This makes ...

6.5CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/08 11:11 a.m.16 views

CVE-2025-2568 Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayublocksgettoggleswitchvaluescallback' and 'vayublockssavetoggleswitchcallback' function in versions 1.0.4 t...

5.3CVSS6.9AI score0.00362EPSS
Exploits0References6
Rows per page
Query Builder