189 matches found

Positive Technologies
added 2025/10/09 12:0 a.m., 7 views

PT-2025-41355

Name of the Vulnerable Software and Affected Versions Lisfinity Core plugin for WordPress versions prior to 1.4.1 Description The Lisfinity Core plugin for WordPress is susceptible to privilege escalation. An authenticated attacker with Subscriber-level access or higher can modify passwords for a...

CVSS 8.8, AI score 6.5, EPSS 0.00293
Exploits 0, References 6

CNNVD
added 2025/10/09 12:0 a.m., 5 views

WordPress plugin Lisfinity Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.8, AI score 6.4, EPSS 0.00293
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 9 views

EUVD-2013-0032

Malware in sbrugna...

CVSS 2.1, AI score 6, EPSS 0.0037
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-8192

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00523
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-20875

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00435
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-2115

Malware in sbrugna...

CVSS 4.4, AI score 4.7, EPSS 0.00972
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-2183

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00561
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-0541

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.01122
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-42679

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.6, EPSS 0.00493
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-12129

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9, EPSS 0.00374
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-32289

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00168
Exploits 0, References 3

Cvelist
added 2025/10/03 11:17 a.m., 10 views

CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover

The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...

CVSS 8.8, EPSS 0.00168
Exploits 0, References 2

Github Security Blog
added 2025/08/28 1:33 p.m., 14 views

NeuVector has an insecure password storage and is vulnerable to rainbow attack

Impact: NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attacks, an offline attack where hashes of known passwords are precomputed. NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2...

CVSS 5.3, AI score 5.8, EPSS 0.00162
Exploits 0, References 8, Affected Software 1

Positive Technologies
added 2025/08/28 12:0 a.m., 19 views

PT-2025-35110

Name of the Vulnerable Software and Affected Versions: NeuVector versions 5.0.0 through 5.4.5 Description: NeuVector stores user passwords and API keys using a simple, unsalted hash, making it vulnerable to rainbow table attacks. The software generates a cryptographically secure, random...

CVSS 9.9, AI score 6.5, EPSS 0.10543
Exploits 21, References 46

RedhatCVE
added 2025/08/18 4:31 a.m., 11 views

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...

CVSS 8.8, AI score 8.4, EPSS 0.00693
Exploits 0, References 1

NVD
added 2025/08/16 4:15 a.m., 5 views

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...

CVSS 8.8, EPSS 0.00693
Exploits 0, References 2

CNVD
added 2025/07/25 12:0 a.m., 3 views

Church Donation System update_password_admin.php File SQL Injection Vulnerability

The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter newpassword in the file /members/updatepasswordadmin.php against an externally entered SQL statement. An...

CVSS 9.8, AI score 8.2, EPSS 0.00394
Exploits 1, References 1

CNNVD
added 2025/07/21 12:0 a.m., 5 views

jshERP authorization issue vulnerability

jshERP Huaxia ERP is a homegrown ERP system by the individual developer of China's Ji Sheng Hua. An authorization issue vulnerability exists in jshERP 3.5 and earlier versions, which stems from a weak password recovery due to incorrect operation of the file /jshERP-boot/user/updatePwd...

CVSS 6.5, AI score 4.8, EPSS 0.00357
Exploits 1, References 2

NVD
added 2025/07/20 1:15 a.m., 5 views

CVE-2025-7859

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/updatepasswordadmin.php. The manipulation of the argument newpassword leads to sql injection. The attack can be initiated remotely. The exploi...

CVSS 9.8, EPSS 0.00394
Exploits 1, References 5

CVE
added 2025/07/18 4:23 a.m., 25 views

CVE-2025-3740

CVE-2025-3740 affects the WordPress plugin School Management System for Wordpress. It allows authenticated users with Subscriber+ privileges to perform Local File Inclusion via the page parameter, enabling arbitrary PHP file inclusion/execution and potentially password-change-based privilege esca...

CVSS 8.8, AI score 7.7, EPSS 0.00675
Exploits 0, References 2