Lucene search
K

242 matches found

CVE
CVE
added 2025/12/19 2:32 p.m.12 views

CVE-2025-14951

CVE-2025-14951 affects Code-Projects Scholars Tracking System 1.0. The vulnerability is in the /home.php file where manipulation of the post_content parameter enables SQL injection. It can be exploited remotely; public disclosures exist. The available connected documents corroborate impact and re...

9.8CVSS6.7AI score0.00326EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/12/19 2:32 p.m.32 views

CVE-2025-14951 code-projects Scholars Tracking System home.php sql injection

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument postcontent leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...

7.5CVSS0.00326EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.10 views

PT-2025-52449

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...

7.5CVSS7.1AI score0.00326EPSS
Exploits1References6
NVD
NVD
added 2025/11/25 8:15 a.m.6 views

CVE-2025-12525

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.18 views

CVE-2025-12525 Locker Content <= 1.0.0 - Unauthenticated Information Exposure

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 7:28 a.m.4 views

EUVD-2025-199575

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.9 views

PT-2025-47998

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco submit post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

5.3CVSS6.4AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-11522

Malware in sbrugna...

5.4CVSS5.5AI score0.00637EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7951

Malicious code in bioql PyPI...

5.9CVSS9AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-44342

Malicious code in bioql PyPI...

4.3CVSS6AI score0.00468EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7404

Malicious code in bioql PyPI...

5.3CVSS9.2AI score0.00389EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50865

Malicious code in bioql PyPI...

4.3CVSS8.9AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-24864

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-2992

Malicious code in bioql PyPI...

2.6CVSS4.7AI score0.03914EPSS
Exploits2References16
Cvelist
Cvelist
added 2025/10/03 1:56 a.m.9 views

CVE-2025-11241 Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allo...

6.4CVSS0.00303EPSS
Exploits0References3
CVE
CVE
added 2025/10/03 1:56 a.m.22 views

CVE-2025-11241

The CVE CVE-2025-11241 (Yoast SEO Premium for WordPress) is a stored XSS vulnerability affecting plugin versions 25.7–25.9. It stems from a flawed regex used to strip an attribute in post content, enabling an attacker with Contributor or higher rights to inject arbitrary HTML attributes, includin...

6.4CVSS5.1AI score0.00303EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/21 7:27 p.m.5 views

CVE-2025-55735

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.4CVSS6.2AI score0.00192EPSS
Exploits1References1
NVD
NVD
added 2025/08/19 7:15 p.m.6 views

CVE-2025-55735

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.4CVSS0.00192EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/19 6:56 p.m.11 views

CVE-2025-55735 flaskBlog Stored XSS Vulnerability

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.3CVSS0.00192EPSS
Exploits1References1
OSV
OSV
added 2025/08/19 6:56 p.m.5 views

CVE-2025-55735 flaskBlog Stored XSS Vulnerability

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...

5.3CVSS6.3AI score0.00192EPSS
Exploits1References3
Rows per page
Query Builder