Lucene search
+L

223 matches found

EUVD
EUVD
added 2025/12/05 5:31 a.m.5 views

EUVD-2025-201373

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.2AI score0.00219EPSS
Exploits0References5
CVE
CVE
added 2025/12/05 5:31 a.m.21 views

CVE-2025-13623

CVE-2025-13623 – Twitscription (WordPress) is a Reflected Cross-Site Scripting vulnerability in the Twitscription WordPress plugin. According to the details, it affects all versions up to and including 0.1.1 and arises from insufficient input sanitization and output escaping in the admin.php PATH...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.37 views

CVE-2025-13623 Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00219EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:31 a.m.17 views

CVE-2025-13622

CVE-2025-13622 — Jabbernotification (WordPress) Reflected XSS : The WordPress Jabbernotification plugin is vulnerable to a reflected Cross-Site Scripting attack via admin.php PATH_INFO in versions

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.38 views

CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.6 views

CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/11/17 12:0 a.m.8 views

Symfony Incorrect Authorization Vulnerability (GHSA-3rg7-wf37-54rm)

Symfony is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sensiolabs:symfony"...

7.3CVSS6.7AI score0.01344EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 10:15 p.m.4 views

DEBIAN-CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS7.3AI score0.01344EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 9:50 p.m.3 views

GHSA-3RG7-WF37-54RM Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Description The Request class improperly interprets some PATHINFO in a way that leads to representing some URLs with a path that doesn't start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption. Resolution The Request class now ensures that U...

7.3CVSS6.4AI score0.01344EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/12 9:40 p.m.4 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS6.1AI score0.01344EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/12 9:40 p.m.6 views

EUVD-2025-131928

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS6AI score0.01344EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/12 9:40 p.m.17 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

7.3CVSS0.01344EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.6 views

Symfony 安全漏洞

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony versions prior to 5.4.50, 6.4.29, and 7.3.7, which stems from improper parsing of PATHINFO and could lead to bypassing access control rule...

7.3CVSS6.4AI score0.01344EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.7 views

PT-2025-46712

Name of the Vulnerable Software and Affected Versions Symfony versions 2.0.0 through 5.4.49 Symfony versions 6.0.0 through 6.4.28 Symfony versions 7.0.0 through 7.3.6 Description Symfony’s HttpFoundation component’s Request class incorrectly parses the PATH INFO value. This can result in URLs bei...

7.5CVSS6.6AI score0.01344EPSS
Exploits0References38
GithubExploit
GithubExploit
added 2025/10/24 7:0 a.m.332 views

Exploit for Out-of-bounds Write in Php

PHuiP-FPizdaM What's this This is an exploit for a bug in...

9.8CVSS7.9AI score0.9947EPSS
Exploits56
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-10328

Malware in sbrugna...

6.1CVSS6.3AI score0.02625EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-0378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php. CVE-2017-0378 Note that Nessus relies...

6.1CVSS6.4AI score0.01455EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/08 12:0 a.m.11 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/08 12:0 a.m.8 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

5.4AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-46701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the...

7.3CVSS7AI score0.02736EPSS
Exploits1References3
Rows per page
Query Builder