Lucene search
K

77 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.7 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

6.5CVSS6.8AI score0.00942EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 a.m.6 views

CVE-2019-5395

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor versions: prior to 5.0.5.1...

8.8CVSS7.1AI score0.02301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.12 views

CVE-2019-15650

The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...

4.3CVSS7AI score0.00885EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 7:14 a.m.10 views

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

6.1CVSS5.7AI score0.00278EPSS
Exploits1References3
NVD
NVD
added 2025/04/22 6:15 p.m.7 views

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

6.1CVSS0.00278EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/09 4:9 p.m.19 views

CVE-2025-32676 WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects Verowa Connect: from n/a through = 3.0.5...

7.6CVSS0.0045EPSS
Exploits0References1
CVE
CVE
added 2025/03/25 12:0 a.m.122 views

CVE-2025-27832

The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...

9.8CVSS7.4AI score0.00806EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

Xpdf 安全漏洞

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf 4.05 and earlier versions, which stems from an integer overflow checking error in the PostScript function interpreter code,...

2.1CVSS4.6AI score0.00151EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.5 views

AZL-57120 CVE-2025-27144 affecting package moby-containerd-cc for versions less than 1.7.7-9

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:50 p.m.9 views

CVE-2022-1711

Server-Side Request Forgery SSRF in GitHub repository jgraph/drawio prior to 18.0.5...

7.5CVSS6.8AI score0.05372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:38 a.m.8 views

CVE-2024-37486

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5...

7.6CVSS7.6AI score0.00745EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/01/16 8:15 p.m.4 views

CVE-2025-23664

Cross-Site Request Forgery CSRF vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through = 2.0.5...

7.1CVSS7.2AI score0.00184EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.4 views

WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MemeOne versions = 2.0.5...

7.1CVSS6.2AI score0.00193EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/01/16 3:27 a.m.17 views

CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

4.3CVSS0.00166EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/11 8:17 p.m.4 views

WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by minhtuanact Patchstack Alliance in WordPress Plugin Persian Woocommerce SMS versions = 7.0.5...

7.1CVSS6.1AI score0.0041EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/10/01 2:15 p.m.5 views

CVE-2024-46261

cutepng v1.05 was discovered to contain a heap buffer overflow via the cpmake32 function at cutepng.h...

7.8CVSS6AI score0.00425EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.6 views

PT-2024-29390

Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. Recommendation...

8.2CVSS6.7AI score0.00391EPSS
Exploits2References63
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.28 views

Xpdf 缓冲区错误漏洞

Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf versions 4.05 and earlier, which stems from a vulnerability that allows an attacker to trigger an out-of-bounds array write...

5.5CVSS6.9AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-22965

Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is an out-of-bounds array write in Xpdf, triggered by a negative object number in an indirect reference in the input PDF file. This occurs when the software processes a PDF file containing a...

8.2CVSS6.6AI score0.00391EPSS
Exploits2References25
Rows per page
Query Builder